Re: [pgAdmin4][Patch] To fix the issue in Debugger module

From: Murtuza Zabuawala <murtuza(dot)zabuawala(at)enterprisedb(dot)com>
To: Dave Page <dpage(at)pgadmin(dot)org>
Cc: pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>
Subject: Re: [pgAdmin4][Patch] To fix the issue in Debugger module
Date: 2017-06-27 08:21:29
Message-ID: CAKKotZTyqsEHJ8p+FYU2sCA7gnr6WMWGEHpTLhbXEm70jj6ZiQ@mail.gmail.com
Lists: pgadmin-hackers

Hi Dave

Please find the updated patch.

On Fri, Jun 23, 2017 at 7:09 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:

> Hi
>
> I'm unable to properly test this, as the debugger doesn't even seem to
> launch for a non-superuser. I just get a white tab, and a whole lot of
> polling indefinitely. Can you debug if you're not a superuser, but you
> own the function?
>

I tested this scenario both ways:
1) Direct debugging: I was able to debug the function, both when the debugger
library is loaded via shared preload libraries and when it is not loaded.
2) Indirect debugging: I was not able to debug.
So I have added the validation on both the server and client side. Now we will
not show the option for the same if the user is a non-superuser.

> Looking at the patch itself, I wonder if the logic is still a little
> off. You need to be a superuser to use indirect debugging (because of
> the DOS potential), so shouldn't the superuser check be changed to "if
> !superuser then throw error"? As it is, if you're not superuser then
> it just skips the check for the plugin, which seems like it'll never
> end well.
>

Fixed.

>
> On Fri, Jun 23, 2017 at 1:35 PM, Murtuza Zabuawala
> <murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> > Hi Dave,
> >
> > Please find updated patch.
> >
> > --
> > Regards,
> > Murtuza Zabuawala
> > EnterpriseDB: http://www.enterprisedb.com
> > The Enterprise PostgreSQL Company
> >
> > On Fri, Jun 23, 2017 at 2:38 PM, Murtuza Zabuawala
> > <murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> >>
> >> Yes, I'm looking into it, I will send updated patch.
> >>
> >> --
> >> Regards,
> >> Murtuza Zabuawala
> >> EnterpriseDB: http://www.enterprisedb.com
> >> The Enterprise PostgreSQL Company
> >>
> >> On Fri, Jun 23, 2017 at 2:32 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >>>
> >>> On Fri, Jun 23, 2017 at 9:56 AM, Murtuza Zabuawala
> >>> <murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> >>> > Yes Dave,
> >>> >
> >>> > You are right, I tested and found that indirect debugging is not
> >>> > working.
> >>> > But otherwise for direct debugging it works properly.
> >>>
> >>> Does the patch take that into account, or are you modifying it?
> >>>
> >>> > On Fri, Jun 23, 2017 at 1:20 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
> >>> >>
> >>> >> On Fri, Jun 23, 2017 at 7:16 AM, Murtuza Zabuawala
> >>> >> <murtuza(dot)zabuawala(at)enterprisedb(dot)com> wrote:
> >>> >> > Hi,
> >>> >> >
> >>> >> > PFA patch to fix the issue in Debugger module where it was unable to
> >>> >> > start debugging if 'plugin_debugger' cannot be found in
> >>> >> > shared_preload_libraries.
> >>> >> > RM#2162
> >>> >> >
> >>> >> > Original patch by: Kit Yam Tse
> >>> >> > (who reported the issue)
> >>> >> >
> >>> >> > I just re-based it against current code.
> >>> >>
> >>> >> Isn't that code required? We do need plugin_debugger to be present for
> >>> >> global (indirect) debugging to work. I suppose it may not be required
> >>> >> for direct debugging, but I haven't tested that.
> >>> >>
> >>> >>
> >>> >> --
> >>> >> Dave Page
> >>> >> Blog: http://pgsnake.blogspot.com
> >>> >> Twitter: @pgsnake
> >>> >>
> >>> >> EnterpriseDB UK: http://www.enterprisedb.com
> >>> >> The Enterprise PostgreSQL Company
> >>> >
> >>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Dave Page
> >>> Blog: http://pgsnake.blogspot.com
> >>> Twitter: @pgsnake
> >>>
> >>> EnterpriseDB UK: http://www.enterprisedb.com
> >>> The Enterprise PostgreSQL Company
> >>
> >>
> >
>
>
>
> --
> Dave Page
> Blog: http://pgsnake.blogspot.com
> Twitter: @pgsnake
>
> EnterpriseDB UK: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>

Attachment Content-Type Size
RM_2162_v2.patch application/octet-stream 7.7 KB
