Re: Allow non-superuser to cancel superuser tasks.
| От | Kirill Reshke |
|---|---|
| Тема | Re: Allow non-superuser to cancel superuser tasks. |
| Дата | |
| Msg-id | CALdSSPjVmZMcFm14dzzAGenssJAmV400wBYA=UNWMi9aJeXJMw@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Allow non-superuser to cancel superuser tasks. (Michael Paquier <michael@paquier.xyz>) |
| Ответы |
Re: Allow non-superuser to cancel superuser tasks.
|
| Список | pgsql-hackers |
Hi, thanks for looking into this.
On Tue, 9 Apr 2024 at 08:53, Michael Paquier <michael@paquier.xyz> wrote:
On Mon, Apr 08, 2024 at 05:42:05PM +0000, Leung, Anthony wrote:
> Are you suggesting that we check if the backend is B_AUTOVAC in
> pg_cancel/ terminate_backend? That seems a bit unclean to me since
> pg_cancel_backend & pg_cancel_backend does not access to the
> procNumber to check the type of the backend.
>
> IMHO, we can keep SIGNAL_BACKEND_NOAUTOVACUUM but just improve the
> errmsg / errdetail to not expose that the backend is an AV
> worker. It'll also be helpful if you can suggest what errdetail we
> should use here.
The thing is that you cannot rely on a lookup of the backend type for
the error information, or you open yourself to letting the caller of
pg_cancel_backend or pg_terminate_backend know if a backend is
controlled by a superuser or if a backend is an autovacuum worker.
Good catch. Thanks. I think we need to update the error message to not leak backend type info.
> The choice of pg_signal_autovacuum is a bit inconsistent, as well,
> because autovacuum workers operate like regular backends. This name
> can also be confused with the autovacuum launcher.
> because autovacuum workers operate like regular backends. This name
> can also be confused with the autovacuum launcher.
Ok. What would be a good choice? Is `pg_signal_autovacuum_worker` good enough?
В списке pgsql-hackers по дате отправления: