On 10/25/21, 4:29 PM, "Jeff Davis" <pg...@j-davis.com> wrote:
> On Mon, 2021-10-25 at 14:30 -0700, Andres Freund wrote:
>> I don't get the reasoning behind the "except ..." logic. What does this
>> actually protect against? A reasonable use case for this feature is to
>> monitor memory usage of all backends, and this restriction practically
>> requires to still use a security definer function.
>
> Nathan brought it up -- more as a question than a request, so perhaps
> it's not necessary. I don't have a strong opinion about it, but I
> included it to be conservative (easier to relax a privilege than to
> tighten one).

I asked about it since we were going to grant execution to pg_signal_backend, which (per the docs) shouldn't be able to signal a superuser-owned backend. I don't mind removing this now that the pg_signal_backend part is removed.

Nathan