| From: | Peter Geoghegan <pg(at)heroku(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | KONDO Mitsumasa <kondo(dot)mitsumasa(at)lab(dot)ntt(dot)co(dot)jp>, pgsql-committers(at)postgresql(dot)org |
| Subject: | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
| Date: | 2014-01-28 01:35:04 |
| Message-ID: | CAM3SWZTafe0v5CZT9hix-gXtEwvzD=My1QZtmS0LRCou=YFF0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers pgsql-hackers |
On Mon, Jan 27, 2014 at 5:23 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Root can certainly also look at query texts in shared memory, or for that
> matter in the local memory of any process. So can anybody else running as
> the postgres userid.
I think that the concern may have had something to do with a
MAC-centric viewpoint (e.g. SELinux users), where bizarrely it doesn't
necessarily follow that root would be able to do any of those things.
But in that world, it is surely the security officer's responsibility
to make a special effort to meet those strange requirements. It's
totally orthogonal to our security model.
--
Peter Geoghegan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2014-01-28 01:35:51 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
| Previous Message | Andrew Dunstan | 2014-01-28 01:34:17 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2014-01-28 01:35:51 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |
| Previous Message | Andrew Dunstan | 2014-01-28 01:34:17 | Re: pgsql: Keep pg_stat_statements' query texts in a file, not in shared me |