| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Function to kill backend |
| Date: | 2004-04-03 04:11:12 |
| Message-ID: | 200404030411.i334BCr17966@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> > Seems like useful functionality. Right now, how does an administrator
> > kill another backend from psql? They can't.
>
> The question to ask is "should they be able to?"
>
> I think any such facility is inherently a security risk, since it means
> that a remote attacker who's managed to break into your superuser
> account can randomly zap other backends. Now admittedly there's plenty
> of other mischief he can do with superuser privs, but that doesn't mean
> we should hand him a pre-loaded, pre-sighted cannon.
>
> Having to log into the database server locally to execute such
> operations doesn't seem that bad to me.
If they can read/write your data (as superuser), killing backends is the
least worry.
I can see it as useful as part of pg_stat_activity output.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2004-04-03 04:28:29 | Re: Better support for whole-row operations and composite |
| Previous Message | Tom Lane | 2004-04-03 03:58:40 | Re: Problems Vacuum'ing |