Re: Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks. - Mailing list pgsql-general

From Merlin Moncure
Subject Re: Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks.
Msg-id CAHyXU0zyPuFkkR-Br_VB+dBBg2xE8XUe0F0453Qg1PPp9L3B-A@mail.gmail.com
In response to Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks.  (leaf_yxj <leaf_yxj@163.com>)
List pgsql-general
On Wed, Apr 4, 2012 at 12:24 PM, leaf_yxj <leaf_yxj@163.com> wrote:
> Hi Aaron: thanks. I tried the security definer. It works well, as follows:
>
> CREATE FUNCTION kill_process(integer) RETURNS boolean AS 'select
> pg_cancel_backend($1);' LANGUAGE SQL SECURITY DEFINER;
>
> ---- One more question about this function: if a non-superuser gets to
> execute this function, he/she will have the privilege to kill all the processes
> which belong to the postgresql process. How can we avoid that happening?

maybe, inside kill_process, do a quick check against pg_stat_activity
and bail if the process doesn't belong to a known usename?

merlin
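
One way to write the check suggested in the reply above, as an added example that is not code from the thread: the function looks up the owner of the target backend in pg_stat_activity and cancels it only if it belongs to the caller or to a listed role. The table `public.kill_process_allowed` and the role `app_operator` are hypothetical names, and the function is assumed to be owned by a role that may cancel other users' backends.

```sql
-- Hypothetical allow-list of role names whose backends may be cancelled.
CREATE TABLE public.kill_process_allowed (usename name PRIMARY KEY);
REVOKE ALL ON public.kill_process_allowed FROM PUBLIC;

CREATE OR REPLACE FUNCTION kill_process(target_pid integer)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin search_path so the caller cannot shadow objects the definer resolves.
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    target_user name;
BEGIN
    -- The pid column is named procpid before PostgreSQL 9.2.
    SELECT a.usename INTO target_user
    FROM pg_catalog.pg_stat_activity AS a
    WHERE a.pid = target_pid;

    IF NOT FOUND THEN
        RETURN false;  -- no such backend
    END IF;

    -- session_user is the caller; current_user here is the function owner.
    -- A NULL usename makes the condition NULL, so the check fails closed.
    IF target_user = session_user
       OR EXISTS (SELECT 1 FROM public.kill_process_allowed AS k
                  WHERE k.usename = target_user) THEN
        RETURN pg_catalog.pg_cancel_backend(target_pid);
    END IF;

    RAISE EXCEPTION 'backend % is not owned by a permitted user', target_pid
        USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- Functions are executable by PUBLIC by default; restrict to one role.
REVOKE ALL ON FUNCTION kill_process(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION kill_process(integer) TO app_operator;  -- hypothetical role
```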
