| From: | Dmitry Dolgov <9erthalion6(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | jian he <jian(dot)universality(at)gmail(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: System views for versions reporting |
| Date: | 2025-04-01 19:27:23 |
| Message-ID: | yewkpc65y5g6fjd3kge2jetge3q2625hz64mietmyoczhqkmpu@ltotskxk4ndk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Sun, Mar 23, 2025 at 06:21:33PM GMT, Tom Lane wrote:
>
> FWIW, I think the 0004 patch is about to be mostly obsoleted by
> Andrei's proposal at [1]. To the extent that it's not obsoleted,
> I question whether it's something we want at all, given the ground
> rule that unprivileged users are not supposed to have access to info
> about the server's filesystem.
To be clear -- I don't have a case for 0004 myself, except some vague
expectation that in certain situations it could be useful to know which
shared objects are loaded, even if they are not Postgres modules. Based
on the feedback from the original thread [2], there were couple similar
opinions, maybe folks could reply here whether [1] would be sufficient
for them.
I agree with the argument about the privileges. If the 0004 patch will
be found useful, it would make sense to allow only superuser to access
this view. I assume "revoke all on pg_system_libraries from public"
should be enough, would this address the concern?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ranier Vilela | 2025-04-01 19:28:34 | Re: Small memory fixes for pg_createsubcriber |
| Previous Message | Tom Lane | 2025-04-01 19:25:59 | Re: macOS 15.4 versus strchrnul() |