Re: restrict pg_stat_ssl to superuser?

Peter Eisentraut <peter.eisentraut@2ndquadrant.com>

From: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
To: Michael Paquier <michael@paquier.xyz>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2019-02-21T18:56:31Z
Lists: pgsql-hackers
On 2019-02-21 09:11, Michael Paquier wrote:
> On Wed, Feb 20, 2019 at 11:51:08AM +0100, Peter Eisentraut wrote:
>> So here is a patch doing it the "normal" way of nulling out all the rows
>> the user shouldn't see.
> 
> That looks fine to me.

Committed, thanks.

>> I haven't found any documentation of these access restrictions in the
>> context of pg_stat_activity.  Is there something that I'm not seeing or
>> something that should be added?
> 
> Yes, there is nothing.  I agree that it would be good to mention that
> some fields are set to NULL and only visible to superusers or members of
> pg_read_all_stats with a note for pg_stat_activity and
> pg_stat_get_activity().  Here is an idea:
> "Backend and SSL information are restricted to superusers and members
> of the <literal>pg_read_all_stats</literal> role. Access may be
> granted to others using <command>GRANT</command>.
> 
> Getting that back-patched would be nice where pg_read_all_stats was
> introduced.

I added something.  I don't know if it's worth backpatching.  This
situation goes back all the way to when pg_stat_activity was added.
pg_read_all_stats does have documentation, it's just not linked from
everywhere.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Commits

  1. Hide other user's pg_stat_ssl rows

  2. doc: Add security information about pg_stat_activity