Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
| От | Tom Lane |
|---|---|
| Тема | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |
| Дата | |
| Msg-id | 1883844.1663044542@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? (Bryn Llewellyn <bryn@yugabyte.com>) |
| Ответы |
Re: Is it possible to stop sessions killing eachother when they all authorize as the same role?
Re: Is it possible to stop sessions killing eachother when they all authorize as the same role? |
| Список | pgsql-general |
Bryn Llewellyn <bryn@yugabyte.com> writes:
> My non-superuser normalrole with direct login, "u1", is *still* able to invoke pg_terminate_backend() and kill other
"u1"sessions—even after this (as a super-user):
Really?
I did this in 14.5:
regression=# revoke execute on function pg_terminate_backend from public;
REVOKE
regression=# select proacl from pg_proc where proname = 'pg_terminate_backend';
proacl
-----------------------
{postgres=X/postgres}
(1 row)
(as expected, the superuser's own execute permission is all that remains)
regression=# create user joe;
CREATE ROLE
regression=# \c - joe
You are now connected to database "regression" as user "joe".
regression=> select pg_terminate_backend(42);
ERROR: permission denied for function pg_terminate_backend
> It very much looks as if what I have describe was deemed to be a bug (after that behavior had survived from at least
version11) and that it's now been fixed!
No, it very much looks like pilot error. But you've not shown
us exactly what your test consisted of, so it's hard to say just
where it went off the rails.
regards, tom lane
В списке pgsql-general по дате отправления: