| From: | Jelte Fennema <postgres(at)jeltef(dot)nl> |
|---|---|
| To: | Hemanth Sandrana <hemanthforpostgres(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, mahendrakarforpg(at)gmail(dot)com |
| Subject: | Re: prevent non-superuser terminate bgworker running as superuser |
| Date: | 2023-10-19 20:47:19 |
| Message-ID: | CAGECzQRBZDzV-Ay7aAZ9vP+bsJFYCPNqi4O-0LZUh7-xHMC6OQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
This seems like it should even be considered a security honestly.
On Thu, 19 Oct 2023, 19:49 Hemanth Sandrana, <hemanthforpostgres(at)gmail(dot)com>
wrote:
> Hi All,
>
> Currently, BackgroundWorker connected to a database by calling
> BackgroundWorkerInitializeConnection with username as NULL can be
> terminated by non-superuser with pg_signal_backend privilege. When the
> username is NULL the bgworker process runs as superuser (which is
> expected as per the documentation -
> https://www.postgresql.org/docs/current/bgworker.html ), but can the
> non-superuser (with pg_signal_backend) terminate this superuser owned
> process?
> We (Mahendrakar and Myself) think that this is a bug and proposing a
> fix that sets MyProc->roleId to BOOTSTRAP_SUPERUSERID, similar to
> InitializeSessionUserId, to prevent non-superuser terminating it.
>
> Please let us know your comments.
>
> Thanks,
> Hemanth Sandrana
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2023-10-19 22:01:23 | Re: Parent/child context relation in pg_get_backend_memory_contexts() |
| Previous Message | Michael Banck | 2023-10-19 20:30:04 | Re: [patch] pg_basebackup: mention that spread checkpoints are the default in --help |