Home > mailing lists

Re: debugger from superuser only.... why? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: debugger from superuser only.... why?
Date	September 25, 2023 17:28:34
Msg-id	170505.1695652114@sss.pgh.pa.us Whole thread Raw
In response to	Re: debugger from superuser only.... why? (Alexander Petrossian <alexander.petrossian@gmail.com>)
Responses	Re: debugger from superuser only.... why? (Alexander Petrossian <alexander.petrossian@gmail.com>)
List	pgsql-general

Tree view

Alexander Petrossian <alexander.petrossian@gmail.com> writes:
>>> I am wondering why is this, why not allow debugging for non-privileged users?

Seems obvious to me that it'd be a nasty security hole, ie you could
take control of somebody else's session and make it do things you
don't have permissions for.  Even if there's a way to restrict
debugging connections to sessions owned by the same user, you'd
have a big problem with being able to change the behavior of
security-definer functions.  Clearly, the authors of pldebugger
decided that was a can of worms they didn't care to open.

            regards, tom lane

pgsql-general by date:

From: Luca Ferrari
Date: 25 September 2023, 16:32:22
Subject: Re: debugger from superuser only.... why?

From: Brad White
Date: 25 September 2023, 17:42:16
Subject: Move from v9.4 to v15

Re: debugger from superuser only.... why? - Mailing list pgsql-general

Previous

Next