Re: restrict pg_stat_ssl to superuser?

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-20T10:51:08Z
Lists: pgsql-hackers

Attachments

On 2019-02-19 16:57, Peter Eisentraut wrote:
> On 2019-02-18 04:58, Michael Paquier wrote:
>> On Fri, Feb 15, 2019 at 02:04:59PM +0100, Peter Eisentraut wrote:
>>> We could remove default privileges from pg_stat_get_activity().  Would
>>> that be a problem?
>>
>> I don't think so, still I am wondering about the impact that this
>> could have for monitoring tools calling it directly as we document
>> it.. 
> 
> Actually, this approach isn't going to work anyway, because function
> permissions in a view are checked as the current user, not the view owner.

So here is a patch doing it the "normal" way of nulling out all the rows
the user shouldn't see.

I haven't found any documentation of these access restrictions in the
context of pg_stat_activity.  Is there something that I'm not seeing or
something that should be added?

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Commits

  1. Hide other user's pg_stat_ssl rows

  2. doc: Add security information about pg_stat_activity