Re: debugger from superuser only.... why? - Mailing list pgsql-general

From Luca Ferrari
Subject Re: debugger from superuser only.... why?
Date
Msg-id CAKoxK+5tJHe84Xk7aAu+cyayMKK2eOYGqU=9=DhawNUbhcmFcg@mail.gmail.com
Whole thread Raw
In response to Re: debugger from superuser only.... why?  (Alexander Petrossian <alexander.petrossian@gmail.com>)
List pgsql-general
On Wed, Sep 27, 2023 at 1:30 PM Alexander Petrossian
<alexander.petrossian@gmail.com> wrote:
>
> > 25 сент. 2023 г., в 17:28, Tom Lane <tgl@sss.pgh.pa.us> написал(а):
> > Alexander Petrossian <alexander.petrossian@gmail.com> writes:
> >>>> I am wondering why is this, why not allow debugging for non-privileged users?
> > Even if there's a way to restrict
> > debugging connections to sessions owned by the same user,
>
> I guess, there is such a way. Looks trivial...
>


I think that any debugger in any environment can be nasty things,
being able to trace and modify a running "thing". Having said that, I
believe that the reason about why pldebugger needs superuser
privileges could be explained only by the authors (or someone reading
the code).
Quite frankly, I would point out that you probably would not allow
pldebugger to run on a production system, as well as you probably will
not debug your production application thing. flipping the coin, it
could be that requiring superuser privileges to attach the debugger is
a good thing, so you normal poor user don't risk to attach a malicious
debugger in a production environment (because you don't have superuser
privileges in a production environment, right?).
But again, I suspect only the authors can explain that.

Luca



pgsql-general by date:

Previous
From: Philip Carlsen
Date:
Subject: Re: valid casts to anyarray
Next
From: Dave Cramer
Date:
Subject: Re: Right version of jdbc