Re: Can we have a new SQL callable function to get Postmaster PID?
| От | Bharath Rupireddy |
|---|---|
| Тема | Re: Can we have a new SQL callable function to get Postmaster PID? |
| Дата | |
| Msg-id | CALj2ACWaLhYungVCR-LrY4+0dGHF6Aa8Y_ob3yVCtFJ7YmTGyg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Can we have a new SQL callable function to get Postmaster PID? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Thu, Feb 4, 2021 at 3:27 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Tomas Vondra <tomas.vondra@enterprisedb.com> writes: > > On 2/3/21 4:08 PM, Tom Lane wrote: > >> I'm disinclined to think that this is a good idea from a security > >> perspective. Maybe if it's superuser-only it'd be ok (since a > >> superuser would have other routes to discovering the value anyway). > > > Is the postmaster PID really sensitive? Users with OS access can just > > list the processes, and for users without OS access / privileges it's > > mostly useless, no? > > We disallow ordinary users from finding out the data directory location, > even though that should be equally useless to unprivileged users. The > postmaster PID seems like the same sort of information. It does not > seem like a non-administrator could have any but nefarious use for that > value. (Admittedly, this argument is somewhat weakened by exposing > child processes' PIDs ... but you can't take down the whole installation > by zapping a child process.) > > I'm basically in the same place you are in your other response: the > question to ask is not "why not allow this?", but "why SHOULD we allow > this?" If we still think that the new function pg_postgres_pid() is useful in some ways to the users or developers, then we can have it as a superuser only function and error out for non-super users. Thoughts? With Regards, Bharath Rupireddy. EnterpriseDB: http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: