Re: debugger from superuser only.... why?

From: Luca Ferrari <fluca1978(at)gmail(dot)com>
To: Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Александр Петросян <paf(at)yandex(dot)ru>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: debugger from superuser only.... why?
Date: 2023-09-28 06:35:01
Message-ID: CAKoxK+5tJHe84Xk7aAu+cyayMKK2eOYGqU=9=DhawNUbhcmFcg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Wed, Sep 27, 2023 at 1:30 PM Alexander Petrossian
<alexander(dot)petrossian(at)gmail(dot)com> wrote:
>
> > 25 сент. 2023 г., в 17:28, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> написал(а):
> > Alexander Petrossian <alexander(dot)petrossian(at)gmail(dot)com> writes:
> >>>> I am wondering why is this, why not allow debugging for non-privileged users?
> > Even if there's a way to restrict
> > debugging connections to sessions owned by the same user,
>
> I guess, there is such a way. Looks trivial...
>

I think that any debugger in any environment can be nasty things,
being able to trace and modify a running "thing". Having said that, I
believe that the reason about why pldebugger needs superuser
privileges could be explained only by the authors (or someone reading
the code).
Quite frankly, I would point out that you probably would not allow
pldebugger to run on a production system, as well as you probably will
not debug your production application thing. flipping the coin, it
could be that requiring superuser privileges to attach the debugger is
a good thing, so you normal poor user don't risk to attach a malicious
debugger in a production environment (because you don't have superuser
privileges in a production environment, right?).
But again, I suspect only the authors can explain that.

Luca

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Dave Cramer 2023-09-28 09:32:37 Re: Right version of jdbc
Previous Message Philip Carlsen 2023-09-28 06:24:28 Re: valid casts to anyarray