From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> |
Cc: | Luca Ferrari <fluca1978(at)gmail(dot)com>, Александр Петросян <paf(at)yandex(dot)ru>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
Subject: | Re: debugger from superuser only.... why? |
Date: | 2023-09-25 14:28:34 |
Message-ID: | 170505.1695652114@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> writes:
>>> I am wondering why is this, why not allow debugging for non-privileged users?
Seems obvious to me that it'd be a nasty security hole, ie you could
take control of somebody else's session and make it do things you
don't have permissions for. Even if there's a way to restrict
debugging connections to sessions owned by the same user, you'd
have a big problem with being able to change the behavior of
security-definer functions. Clearly, the authors of pldebugger
decided that was a can of worms they didn't care to open.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Brad White | 2023-09-25 14:42:16 | Move from v9.4 to v15 |
Previous Message | Luca Ferrari | 2023-09-25 13:32:22 | Re: debugger from superuser only.... why? |