| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Zhijie Hou (Fujitsu)" <houzj(dot)fnst(at)fujitsu(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Subject: | Re: Connection limits/permissions, slotsync workers, etc |
| Date: | 2024-12-27 20:51:50 |
| Message-ID: | 2546145.1735332710@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Also, here's a patch for the rest of what I was talking about.
We'll need to back-patch this given that the CVE-2024-10978 changes
caused these sorts of problems in all branches, but I've not yet
attempted to back-patch. It looks like it might be a bit painful
thanks to past code churn in these areas.
I didn't do anything about the idea of making rolconnlimit applicable
to superusers. If we do that at all, it should only be in HEAD.
Also, I got a shade less enthusiastic about it after noting that this
logic is parallel to that for datconnlimit, and it does seems sensible
to allow superusers to ignore datconnlimit. Maybe it's fine for the
two limits to operate differently, but I'm unsure.
Also, it probably would make sense to rename PGPROC.isBackgroundWorker
to isRegularBackend (inverting the sense of the boolean), but that
doesn't seem like back-patch material either, so I didn't include it
here. I think we can get away with a subtle adjustment of which
processes that flag is set for in the back branches, but not with
renaming it.
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Exclude-parallel-workers-from-connection-privileg.patch | text/x-diff | 14.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David E. Wheeler | 2024-12-27 22:02:56 | Re: Add Postgres module info |
| Previous Message | Bruce Momjian | 2024-12-27 19:58:35 | Re: [PATCHES] Post-special page storage TDE support |