Quick Links

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Dagfinn Ilmari Mannsåker <ilmari(at)ilmari(dot)org>
Cc:	Nathan Bossart <nathandbossart(at)gmail(dot)com>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, michael(at)paquier(dot)xyz, gurjeet(at)singh(dot)im, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date:	2022-07-26 16:04:33
Message-ID:	2361560.1658851473@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

=?utf-8?Q?Dagfinn_Ilmari_Manns=C3=A5ker?= <ilmari(at)ilmari(dot)org> writes:
> Thanks! Just one minor nitpick: setting an %ENV entry to `undef`
> doesn't unset the environment variable, it sets it to the empty string.
> To unset a variable it needs to be deleted from %ENV, i.e. `delete
> $ENV{PGUSER};`.

Ah. Still, libpq doesn't distinguish, so the test works anyway.
Not sure if it's worth changing.

regards, tom lane

In response to

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-26 16:02:40 from Dagfinn Ilmari Mannsåker

Responses

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-27 23:01:00 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	David G. Johnston	2022-07-26 16:11:52	Re: BUG #17434: CREATE/DROP DATABASE can be executed in the same transaction with other commands
Previous Message	Tom Lane	2022-07-26 16:03:06	Re: BUG #17434: CREATE/DROP DATABASE can be executed in the same transaction with other commands