Quick Links

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS

From:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, michael(at)paquier(dot)xyz, gurjeet(at)singh(dot)im, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date:	2022-07-22 22:56:15
Message-ID:	20220722225615.GC3998906@nathanxps13
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Fri, Jul 22, 2022 at 06:44:04PM -0400, Tom Lane wrote:
> Another idea is to add a "bool interactive" parameter to InitPostgres,
> thereby shoving the issue out to the call sites. Still wouldn't
> expose the am_walsender angle, but conceivably it'd be more
> future-proof anyway?

I hesitated to suggest this exactly because of the WAL sender problem, but
it does seem slightly more future-proof, so +1 for this approach.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

In response to

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-22 22:44:04 from Tom Lane

Responses

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-23 17:23:24 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2022-07-22 22:58:48	Re: Refactoring the regression tests for more independence
Previous Message	Tom Lane	2022-07-22 22:44:04	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS