| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Julien Rouhaud <rjuju123(at)gmail(dot)com>, Darafei Komяpa Praliaskouski <me(at)komzpa(dot)net>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Marking some contrib modules as trusted extensions |
| Date: | 2020-01-31 09:40:32 |
| Message-ID: | CAEZATCXeVkFfytGYxuF1Th-5-dPEoDuOrx-7Tc_rjfJ8XLWAbw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 29 Jan 2020 at 21:39, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> >>> pg_stat_statements
>
> Mmm, I'm not convinced --- the ability to see what statements are being
> executed in other sessions (even other databases) is something that
> paranoid installations might not be so happy about. Our previous
> discussions about what privilege level is needed to look at
> pg_stat_statements info were all made against a background assumption
> that you needed some extra privilege to set up the view in the first
> place. I think that would need another look or two before being
> comfortable that we're not shifting the goal posts too far.
>
> The bigger picture here is that I don't want to get push-back that
> we've broken somebody's security posture by marking too many extensions
> trusted. So for anything where there's any question about security
> implications, we should err in the conservative direction of leaving
> it untrusted.
>
+1
I wonder if the same could be said about pgrowlocks.
Regards,
Dean
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Banck | 2020-01-31 09:59:30 | Re: [Patch] Make pg_checksums skip foreign tablespace directories |
| Previous Message | Amit Langote | 2020-01-31 09:37:57 | Re: Hash join not finding which collation to use for string hashing |