Re: Review of GetUserId() Usage
From | Andres Freund |
---|---|
Subject | Re: Review of GetUserId() Usage |
Date | |
Msg-id | 20141205144522.GB21772@awork2.anarazel.de |
In response to | Re: Review of GetUserId() Usage (Stephen Frost <sfrost@snowman.net>) |
Responses |
Re: Review of GetUserId() Usage
|
List | pgsql-hackers |
On 2014-12-05 09:28:13 -0500, Stephen Frost wrote: > static int > pg_signal_backend(int pid, int sig) > { > @@ -113,7 +117,12 @@ pg_signal_backend(int pid, int sig) > return SIGNAL_BACKEND_ERROR; > } > > - if (!(superuser() || proc->roleId == GetUserId())) > + /* Only allow superusers to signal superuser-owned backends. */ > + if (superuser_arg(proc->roleId) && !superuser()) > + return SIGNAL_BACKEND_NOSUPERUSER; > + > + /* Users can signal backends they have role membership in. */ > + if (!has_privs_of_role(GetUserId(), proc->roleId)) > return SIGNAL_BACKEND_NOPERMISSION; > > /* > @@ -141,35 +150,49 @@ pg_signal_backend(int pid, int sig) > }

Is the 'Only allow superusers to signal superuser-owned backends' check actually safe that way? I personally try to never use a superuser role as the login user, but grant my account a superuser role that doesn't inherit. But IIRC PGPROC->roleId won't change, even if a user does SET ROLE.

Greetings,

Andres Freund

--
Andres Freund http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
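
Review bot: In the first hunk of pg_signal_backend(), the comment "Users can signal backends they have role membership in" does not match the call under it. has_privs_of_role(GetUserId(), proc->roleId) tests whether the caller holds the privileges of the target role, which for a member that does not inherit is not the same thing as membership (is_member_of_role() is the membership test). Either reword the comment to say "privileges of the role" or change the call, whichever is intended. The comment on the superuser_arg(proc->roleId) check should also state which identity of the target backend proc->roleId records, since the result of that check depends on it. The new SIGNAL_BACKEND_NOSUPERUSER return value should be documented next to the other return codes, because the handling in the second hunk is not visible in the quoted text.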