Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date
Msg-id 20220725043044.GC4085281@nathanxps13
In response to Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
List pgsql-hackers
On Sun, Jul 24, 2022 at 11:49:23PM -0400, Tom Lane wrote:
> Nathan Bossart <nathandbossart@gmail.com> writes:
>> I noticed that a couple of places check whether whereToSendOutput is set to
>> DestRemote to determine if this is an interactive session.
> 
> IIRC, that would end in not loading the preload libraries in a standalone
> backend.  Perhaps that's what we want, but I'd supposed not.  Discuss.

Ah, I see.  There was a recent change to make sure shared_preload_libraries
are loaded in single-user mode (6c31ac0), but those are for load at "server
start" instead of "connection start."  However, AFAICT
session_preload_libraries is loaded in single-user mode today, and
single-user mode is arguably a connection, so my instinct is that we should
continue to process it in single-user mode.  I suppose we might be able to
add more hacks to load it in single-user mode without a new argument, but
at that point, we're probably not too far from your original proposal.
Given all this, I think I'm inclined for the new argument.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com


