On Mon, Dec 27, 2010 at 9:36 AM, Magnus Hagander <magnus@hagander.net> wrote:
> Seeing logged SQL isn't - but being able to filter the logfiles on
> that requires a *lot* more than just defining a security privilege. If
> we mean "arbitrary log file reading", the easiest way to fix that
> would be to stop checking for superuser permissions in the
> read-file-function, and instead use the permissions *on the function*
> to control it. In fact, that is something that we could (should?) do
> for a bunch of other functions as well, so that we can in that way
> provide much more granular permissions level than just blanked
> assigning of privileges.
That would require having users change the permissions on system
objects, which seems, icky (would they even be dumped?). Given that
the superuser could already create a security definer wrapper function
with the privileges required, I don't think this is needed.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company