Re: debugger from superuser only.... why?

Поиск
Список
Период
Сортировка
От Luca Ferrari
Тема Re: debugger from superuser only.... why?
Дата
Msg-id CAKoxK+5tJHe84Xk7aAu+cyayMKK2eOYGqU=9=DhawNUbhcmFcg@mail.gmail.com
обсуждение исходный текст
Ответ на Re: debugger from superuser only.... why?  (Alexander Petrossian <alexander.petrossian@gmail.com>)
Список pgsql-general
On Wed, Sep 27, 2023 at 1:30 PM Alexander Petrossian
<alexander.petrossian@gmail.com> wrote:
>
> > 25 сент. 2023 г., в 17:28, Tom Lane <tgl@sss.pgh.pa.us> написал(а):
> > Alexander Petrossian <alexander.petrossian@gmail.com> writes:
> >>>> I am wondering why is this, why not allow debugging for non-privileged users?
> > Even if there's a way to restrict
> > debugging connections to sessions owned by the same user,
>
> I guess, there is such a way. Looks trivial...
>


I think that any debugger in any environment can be nasty things,
being able to trace and modify a running "thing". Having said that, I
believe that the reason about why pldebugger needs superuser
privileges could be explained only by the authors (or someone reading
the code).
Quite frankly, I would point out that you probably would not allow
pldebugger to run on a production system, as well as you probably will
not debug your production application thing. flipping the coin, it
could be that requiring superuser privileges to attach the debugger is
a good thing, so you normal poor user don't risk to attach a malicious
debugger in a production environment (because you don't have superuser
privileges in a production environment, right?).
But again, I suspect only the authors can explain that.

Luca



В списке pgsql-general по дате отправления:

Предыдущее
От: Philip Carlsen
Дата:
Сообщение: Re: valid casts to anyarray
Следующее
От: Dave Cramer
Дата:
Сообщение: Re: Right version of jdbc