Home > mailing lists

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS - Mailing list pgsql-hackers

From	Nathan Bossart
Subject	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date	July 23, 2022 01:33:59
Msg-id	20220722223359.GB3998906@nathanxps13 Whole thread Raw
In response to	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
List	pgsql-hackers

Tree view

On Fri, Jul 22, 2022 at 02:56:22PM -0400, Tom Lane wrote:
> +    /*
> +     * If this is an interactive session, load any libraries that should be
> +     * preloaded at backend start.  Since those are determined by GUCs, this
> +     * can't happen until GUC settings are complete, but we want it to happen
> +     * during the initial transaction in case anything that requires database
> +     * access needs to be done.
> +     */
> +    if (!bootstrap &&
> +        !IsAutoVacuumWorkerProcess() &&
> +        !IsBackgroundWorker &&
> +        !am_walsender)
> +        process_session_preload_libraries();

I worry that this will be easily missed when adding new types of
non-interactive sessions, but I can't claim to have a better idea.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

pgsql-hackers by date:

From: Nathan Bossart
Date: 23 July 2022, 01:25:16
Subject: Re: privileges for ALTER ROLE/DATABASE SET

From: Tom Lane
Date: 23 July 2022, 01:44:04
Subject: Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS - Mailing list pgsql-hackers

Previous

Next