Quick Links

Re: [PATCH] allow pg_current_logfile() execution under pg_monitor role

From:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
To:	Pavlo Golub <pavlo(dot)golub(at)cybertec(dot)at>
Cc:	pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [PATCH] allow pg_current_logfile() execution under pg_monitor role
Date:	2024-02-09 16:36:57
Message-ID:	20240209163657.GC663211@nathanxps13
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Feb 09, 2024 at 04:01:58PM +0100, Pavlo Golub wrote:
> The patch attached fixes an oversight/inconsistency of disallowing the
> pg_monitor system role to execute pg_current_logfile([text]).

I think this is reasonable. We allow pg_monitor to execute functions like
pg_ls_logdir(), so it doesn't seem like much of a stretch to expect it to
have privileges for pg_current_logfile(), too. Are there any other
functions that pg_monitor ought to have privileges for?

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

In response to

[PATCH] allow pg_current_logfile() execution under pg_monitor role at 2024-02-09 15:01:58 from Pavlo Golub

Responses

Re[2]: [PATCH] allow pg_current_logfile() execution under pg_monitor role at 2024-02-12 12:27:54 from Pavlo Golub

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Nikita Malakhov	2024-02-09 16:46:58	Re: POC: Extension for adding distributed tracing - pg_tracing
Previous Message	Nathan Bossart	2024-02-09 16:32:45	Re: glibc qsort() vulnerability