Quick Links

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?

From:	Jeff Davis <pgsql(at)j-davis(dot)com>
To:	Robert Haas <robertmhaas(at)gmail(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>
Cc:	Isaac Morland <isaac(dot)morland(at)gmail(dot)com>, "Bossart, Nathan" <bossartn(at)amazon(dot)com>, Bharath Rupireddy <bharath(dot)rupireddyforpostgres(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function?
Date:	2021-10-14 19:02:19
Message-ID:	ce0ce10e2c5429d66d3ee1f8ad14fd3667ee9c54.camel@j-davis.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Thu, 2021-10-14 at 14:22 -0400, Robert Haas wrote:
> I am not really sure that we can get away with changing this, since
> it
> is long-established behavior. At least, if we do, we are going to
> have
> to warn people to watch out for backward-compatibility issues, some
> of
> which may not be things breaking functionally but rather having a
> different security profile. But, in a green field, I don't know why
> it's sane to suppose that if you query a view, the things in the view
> behave partly as if the user querying the view were running them, and
> partly as if the user owning the view were one of them. It seems much
> more logical for it to be one or the other.

How do you feel about at least allowing the functions to execute (and
if it's SECURITY INVOKER, possibly encountering a permissions failure
during execution)?

There are of course security implications with any change like that,
but it seems like a fairly minor one unless I'm missing something. Why
would an admin give someone the privileges to read a view if it will
always fail due to lack of execute privilege?

Regards,
Jeff Davis

In response to

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? at 2021-10-14 18:22:04 from Robert Haas

Responses

Re: should we allow users with a predefined role to access pg_backend_memory_contexts view and pg_log_backend_memory_contexts function? at 2021-10-15 13:08:27 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	John Naylor	2021-10-14 19:14:16	Re: [RFC] building postgres with meson
Previous Message	Gilles Darold	2021-10-14 19:00:17	Re: [PATCH] Proposal for HIDDEN/INVISIBLE column