Home > mailing lists

Re: debugger from superuser only.... why? - Mailing list pgsql-general

From	Tom Lane
Subject	Re: debugger from superuser only.... why?
Date	September 27, 2023 16:52:09
Msg-id	598114.1695822729@sss.pgh.pa.us Whole thread Raw
In response to	Re: debugger from superuser only.... why? (Alexander Petrossian <alexander.petrossian@gmail.com>)
List	pgsql-general

Tree view

Alexander Petrossian <alexander.petrossian@gmail.com> writes:
> 25 сент. 2023 г., в 17:28, Tom Lane <tgl@sss.pgh.pa.us> написал(а):
>> you’d have a big problem with being able to change the behavior of
>> security-definer functions.

> Could you please elaborate on this, Tom?

pldebugger allows you to change the contents of a function's
local variables.  Obviously the threat level would depend a lot
on the details of the particular function, but it's not hard
to envision cases where that would be enough to make the function
do something other than what it was supposed to.

            regards, tom lane

pgsql-general by date:

From: Alexander Petrossian
Date: 27 September 2023, 14:30:43
Subject: Re: debugger from superuser only.... why?

From: Laurenz Albe
Date: 27 September 2023, 17:49:51
Subject: Re: valid casts to anyarray

Re: debugger from superuser only.... why? - Mailing list pgsql-general

Previous

Next