| From: | Hemanth Sandrana <hemanthforpostgres(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | mahendrakarforpg(at)gmail(dot)com |
| Subject: | prevent non-superuser terminate bgworker running as superuser |
| Date: | 2023-10-19 17:49:09 |
| Message-ID: | CAAB6CY5H7Yp3jfMWP25tA0AMYbY5eSogS7GNbGEXN0KRmmxy1g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi All,
Currently, BackgroundWorker connected to a database by calling
BackgroundWorkerInitializeConnection with username as NULL can be
terminated by non-superuser with pg_signal_backend privilege. When the
username is NULL the bgworker process runs as superuser (which is
expected as per the documentation -
https://www.postgresql.org/docs/current/bgworker.html ), but can the
non-superuser (with pg_signal_backend) terminate this superuser owned
process?
We (Mahendrakar and Myself) think that this is a bug and proposing a
fix that sets MyProc->roleId to BOOTSTRAP_SUPERUSERID, similar to
InitializeSessionUserId, to prevent non-superuser terminating it.
Please let us know your comments.
Thanks,
Hemanth Sandrana
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-prevent-non-superuser-terminating-superuser-owned.patch | application/octet-stream | 824 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2023-10-19 18:48:56 | Re: New WAL record to detect the checkpoint redo location |
| Previous Message | Robert Haas | 2023-10-19 17:44:20 | controlling meson's parallelism (and some whining) |