You might remember we added a postmaster/postgres -b switch to indicate
binary upgrade mode. The attached patch prevents any client without an
application_name of 'binary-upgrade' from connecting to the cluster
while it is binary upgrade mode. This helps prevent unauthorized users
from connecting during the upgrade. This will not help for clusters
that do not have the -b flag, e.g. pre-9.1.
Does this seem useful? Something for 9.1 or 9.2?
This idea came from Andrew Dunstan via IRC during a pg_upgrade run by
Stephen Frost when some clients accidentally connected. (Stephen reran
pg_upgrade successfully.)
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
diff --git a/contrib/pg_upgrade/pg_upgrade.c b/contrib/pg_upgrade/pg_upgrade.c
new file mode 100644
index e329dc3..0b6fb61
*** a/contrib/pg_upgrade/pg_upgrade.c
--- b/contrib/pg_upgrade/pg_upgrade.c
*************** setup(char *argv0, bool live_check)
*** 171,176 ****
--- 171,178 ----
*last_dir_separator(exec_path) = '\0';
canonicalize_path(exec_path);
os_info.exec_path = pg_strdup(exec_path);
+
+ pg_putenv("PGAPPNAME", "binary-upgrade");
}
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
new file mode 100644
index 8347f52..f359af2
*** a/src/backend/utils/init/postinit.c
--- b/src/backend/utils/init/postinit.c
*************** InitPostgres(const char *in_dbname, Oid
*** 833,838 ****
--- 833,848 ----
if (MyProcPort != NULL)
process_startup_options(MyProcPort, am_superuser);
+ /*
+ * Binary upgrades only allow the proper application name
+ */
+ if (IsBinaryUpgrade && strcmp(application_name, "binary-upgrade") != 0)
+ {
+ ereport(FATAL,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("the application name must be \"binary-upgrade\" to connect in binary upgrade mode")));
+ }
+
/* Process pg_db_role_setting options */
process_settings(MyDatabaseId, GetSessionUserId());
