Re: debugger from superuser only.... why?

On Wed, Sep 27, 2023 at 1:30 PM Alexander Petrossian
<alexander(dot)petrossian(at)gmail(dot)com> wrote:
>
> > 25 сент. 2023 г., в 17:28, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> написал(а):
> > Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> writes:
> >>>> I am wondering why is this, why not allow debugging for non-privileged users?
> > Even if there's a way to restrict
> > debugging connections to sessions owned by the same user,
>
> I guess, there is such a way. Looks trivial...
>

I think that any debugger in any environment can be nasty things,
being able to trace and modify a running "thing". Having said that, I
believe that the reason about why pldebugger needs superuser
privileges could be explained only by the authors (or someone reading
the code).
Quite frankly, I would point out that you probably would not allow
pldebugger to run on a production system, as well as you probably will
not debug your production application thing. flipping the coin, it
could be that requiring superuser privileges to attach the debugger is
a good thing, so you normal poor user don't risk to attach a malicious
debugger in a production environment (because you don't have superuser
privileges in a production environment, right?).
But again, I suspect only the authors can explain that.

Luca