| From: | "Bossart, Nathan" <bossartn(at)amazon(dot)com> |
|---|---|
| To: | Jeff Davis <pgsql(at)j-davis(dot)com>, Andres Freund <andres(at)anarazel(dot)de> |
| Cc: | Michael Paquier <michael(at)paquier(dot)xyz>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow pg_signal_backend members to use pg_log_backend_memory_stats(). |
| Date: | 2021-10-25 23:58:31 |
| Message-ID: | 79B8CD91-2E0C-4940-BACC-9446D1828AE3@amazon.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/25/21, 4:29 PM, "Jeff Davis" <pgsql(at)j-davis(dot)com> wrote:
> On Mon, 2021-10-25 at 14:30 -0700, Andres Freund wrote:
>> I don't get the reasoning behind the "except ..." logic. What does
>> this
>> actually protect against? A reasonable use case for this feature is
>> is to
>> monitor memory usage of all backends, and this restriction practially
>> requires
>> to still use a security definer function.
>
> Nathan brought it up -- more as a question than a request, so perhaps
> it's not necessary. I don't have a strong opinion about it, but I
> included it to be conservative (easier to relax a privilege than to
> tighten one).
I asked about it since we were going to grant execution to
pg_signal_backend, which (per the docs) shouldn't be able to signal a
superuser-owned backend. I don't mind removing this now that the
pg_signal_backend part is removed.
Nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bossart, Nathan | 2021-10-26 00:07:11 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |
| Previous Message | Jeff Davis | 2021-10-25 23:39:35 | Re: Predefined role pg_maintenance for VACUUM, ANALYZE, CHECKPOINT. |