Re: [HACKERS] Function to kill backend

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: "Patches (PostgreSQL)" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: [HACKERS] Function to kill backend
Date: 2004-04-03 16:08:30
Message-ID: 406EE17E.4020103@dunslane.net
Lists: pgsql-hackers pgsql-patches

Magnus Hagander wrote:

>>I think any such facility is inherently a security risk, since it means
>>that a remote attacker who's managed to break into your superuser
>>account can randomly zap other backends. Now admittedly there's plenty
>>of other mischief he can do with superuser privs, but that doesn't mean
>>we should hand him a pre-loaded, pre-sighted cannon.
>>Having to log into the database server locally to execute such
>>operations doesn't seem that bad to me.
>
>It does to me. I prefer being able to admin the server without having to
>do a separate login. I also much prefer being able to delegate the
>capability to terminate a backend, interrupt a long-running query, etc
>to someone who does not have to have shell access on the server. I guess
>it depends on the environment.
>
>>Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
>>>If they can read/write your data (as superuser), killing backends is the
>>>least worry.
>
>That's pretty much the assumption I was working under.

Perhaps for the paranoid we could invent a setting which turns the
facility off. Personally, I don't usually allow a superuser *any* access
except from the local host - maybe that would be an answer.

cheers

andrew
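
The local-only superuser policy mentioned above can be checked against a `pg_hba.conf`, where the first matching rule decides the outcome. The following is an added example, not part of the original message or of PostgreSQL itself; the role name `postgres`, the sample rule sets and the function names are assumptions, and only CIDR or `all` addresses are handled.

```python
import ipaddress

# Constructed sample rule sets (not from the thread). First matching line wins.
WEAK = """\
# TYPE  DATABASE  USER      ADDRESS        METHOD
local   all       all                      peer
host    all       all       0.0.0.0/0      scram-sha-256
"""

HARDENED = """\
local   all       postgres                 peer
host    all       postgres  127.0.0.1/32   scram-sha-256
host    all       postgres  0.0.0.0/0      reject
host    all       all       0.0.0.0/0      scram-sha-256
"""


def first_match(hba_text, role, client_ip):
    """Return the auth method of the first host* rule matching role and IP."""
    ip = ipaddress.ip_address(client_ip)
    for raw in hba_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Skip blanks, comments and 'local' (Unix-socket) rules.
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        # The database column is ignored here: the samples all use 'all'.
        _type, _db, users, addr, method = fields[:5]
        if users != "all" and role not in users.split(","):
            continue
        if addr != "all":
            net = ipaddress.ip_network(addr, strict=False)
            if ip.version != net.version or ip not in net:
                continue
        return method
    return None  # no rule matched: the server refuses the connection


def remote_login_allowed(hba_text, role, client_ip):
    """True if a TCP connection as `role` from `client_ip` reaches an auth step."""
    return first_match(hba_text, role, client_ip) not in (None, "reject")


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, remote_login_allowed(text, "postgres", "203.0.113.7"))
```

`pg_hba.conf` matches on role name, not on the superuser attribute, so every role that holds SUPERUSER needs its own local-only and `reject` lines placed before the general rule.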
