On Sun, Jan 17, 2016 at 8:48 AM, Andres Freund <andres@anarazel.de> wrote:
> On January 17, 2016 12:46:36 AM GMT+01:00, Michael Paquier <michael.paquier@gmail.com> wrote:
> , but we surely do not want to give away
>>checkpoint and recovery information.
>
> Why is that? A lot of that information is available anyway?
We are trying to hide away from non-superusers WAL-related information
in system views and system function, that's my point to do the same
here. For the data of pg_control, it seems to me that this can give
away to any authorized users hints regarding the way Postgres is
built, perhaps letting people know for example which Linux
distribution is used and which flavor of Postgres is used (we already
give away some information with version() but that's different than
the libraries this is linking to), so an attacker may be able to take
advantage of that to do attacks on potentially outdated packages? And
I would think that many users are actually going to revoke the access
of those functions to public if we are going to make them
world-visible. It is easier as well to restrict things first, and then
relax if necessary, than the opposite as well.
--
Michael