Re: prevent non-superuser terminate bgworker running as superuser

Поиск
Список
Период
Сортировка
От Jelte Fennema
Тема Re: prevent non-superuser terminate bgworker running as superuser
Дата
Msg-id CAGECzQRBZDzV-Ay7aAZ9vP+bsJFYCPNqi4O-0LZUh7-xHMC6OQ@mail.gmail.com
обсуждение исходный текст
Ответ на prevent non-superuser terminate bgworker running as superuser  (Hemanth Sandrana <hemanthforpostgres@gmail.com>)
Список pgsql-hackers
Дерево обсуждения
This seems like it should even be considered a security honestly. 

On Thu, 19 Oct 2023, 19:49 Hemanth Sandrana, <hemanthforpostgres@gmail.com> wrote:
Hi All,

Currently, BackgroundWorker connected to a database by calling
BackgroundWorkerInitializeConnection with username as NULL can be
terminated by non-superuser with pg_signal_backend privilege. When the
username is NULL the bgworker process runs as superuser (which is
expected as per the documentation -
https://www.postgresql.org/docs/current/bgworker.html ), but can the
non-superuser (with pg_signal_backend) terminate this superuser owned
process?
We (Mahendrakar and Myself) think that this is a bug and proposing a
fix that sets MyProc->roleId to BOOTSTRAP_SUPERUSERID, similar to
InitializeSessionUserId, to prevent non-superuser terminating it.

Please let us know your comments.

Thanks,
Hemanth Sandrana

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Banck
Дата:
Сообщение: Re: [patch] pg_basebackup: mention that spread checkpoints are the default in --help
Следующее
От: Stephen Frost
Дата:
Сообщение: Re: Parent/child context relation in pg_get_backend_memory_contexts()