Re: logfile subprocess and Fancy File Functions

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Agreed it should be relative to the log directory, which may or not be
> > under PGDATA, and don't let them go up above it.  Is there any downside
> > to allowing absolute reads as well because COPY can already read
> > absolute files.
>
> Perhaps not from a security point of view, but I think it would be
> rather bizarre for a general-purpose pg_read_file() function to default
> to reading from the log directory.  From the point of view of having
> a consistent API, it'd be better to call the functions something like
> pg_read_logdirectory() and pg_read_logfile() and restrict them to the
> log directory.  If we later decide we want to add a general
> pg_read_file() operation, we won't have to contort its operation to
> preserve compatibility with the log-fetching case.

OK. There isn't much of value in $PGDATA anyway to read except the
config files, which have limited value.

I did think a file system walker application written using SQL would be
cool, but not if it is going to make us less secure.  I don't think it
does, but adding the function when no one is asking for it seems
backwards.

One issue is that the log files might be in /var/log with other server
logs.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073