Home > mailing lists

Re: Review of GetUserId() Usage - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: Review of GetUserId() Usage
Date	December 5, 2014 17:45:47
Msg-id	20141205144522.GB21772@awork2.anarazel.de Whole thread Raw
In response to	Re: Review of GetUserId() Usage (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Review of GetUserId() Usage (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On 2014-12-05 09:28:13 -0500, Stephen Frost wrote:
>  static int
>  pg_signal_backend(int pid, int sig)
>  {
> @@ -113,7 +117,12 @@ pg_signal_backend(int pid, int sig)
>          return SIGNAL_BACKEND_ERROR;
>      }
>  
> -    if (!(superuser() || proc->roleId == GetUserId()))
> +    /* Only allow superusers to signal superuser-owned backends. */
> +    if (superuser_arg(proc->roleId) && !superuser())
> +        return SIGNAL_BACKEND_NOSUPERUSER;
> +
> +    /* Users can signal backends they have role membership in. */
> +    if (!has_privs_of_role(GetUserId(), proc->roleId))
>          return SIGNAL_BACKEND_NOPERMISSION;
>  
>      /*
> @@ -141,35 +150,49 @@ pg_signal_backend(int pid, int sig)
>  }

Is the 'Only allow superusers to signal superuser-owned backends' check
actually safe that way? I personally try to never use a superuser role
as the login user, but grant my account a superuser role that doesn't
inherit. But IIRC PGPROC->roleId won't change, even if a user does SET
ROLE.

Greetings,

Andres Freund

-- Andres Freund                       http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services

pgsql-hackers by date:

From: Stephen Frost
Date: 05 December 2014, 17:28:18
Subject: Re: Review of GetUserId() Usage

From: Stephen Frost
Date: 05 December 2014, 18:03:00
Subject: Re: Review of GetUserId() Usage

Re: Review of GetUserId() Usage - Mailing list pgsql-hackers

Previous

Next