Home > mailing lists

Re: [PATCH] Expose port->authn_id to extensions and triggers - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: [PATCH] Expose port->authn_id to extensions and triggers
Date	March 3, 2022 00:27:40
Msg-id	20220302212740.krbycl3nzvp5y2k5@alap3.anarazel.de Whole thread Raw
In response to	Re: [PATCH] Expose port->authn_id to extensions and triggers (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [PATCH] Expose port->authn_id to extensions and triggers (Michael Paquier <michael@paquier.xyz>) Re: [PATCH] Expose port->authn_id to extensions and triggers (Robert Haas <robertmhaas@gmail.com>)
List	pgsql-hackers

Tree view

Hi,

On 2022-03-01 08:35:27 -0500, Stephen Frost wrote:
> I'm not really sure why we're arguing about this, but clearly the authn
> ID of the leader process is what should be used because that's the
> authentication under which the parallel worker is running, just as much
> as the effective role is the authorization.  Having this be available in
> worker processes would certainly be good as it would allow more query
> plans to be considered when these functions are used.  At this time, I
> don't think that outweighs the complications around having it and I'm
> not suggesting that Jacob needs to go do that, but surely it would be
> better.

I don't think we should commit this without synchronizing the authn between
worker / leader (in a separate commit). Too likely that some function that's
marked parallel ok queries the authn_id, opening up a security/monitoring hole
or such because of a bogus return value.

Greetings,

Andres Freund

pgsql-hackers by date:

From: Andres Freund
Date: 03 March 2022, 00:22:34
Subject: Re: Add 64-bit XIDs into PostgreSQL 15

From: Robert Haas
Date: 03 March 2022, 00:27:47
Subject: Re: wrong fds used for refilenodes after pg_upgrade relfilenode changes Reply-To:

Re: [PATCH] Expose port->authn_id to extensions and triggers - Mailing list pgsql-hackers

Previous

Next