Skip to content

Commit b72de09

Browse files
nmischnmisch
committed
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
1 parent 3a9b18b commit b72de09

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

src/backend/utils/init/miscinit.c

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -842,6 +842,14 @@ InitializeSessionUserIdStandalone(void)
842842

843843
AuthenticatedUserId = BOOTSTRAP_SUPERUSERID;
844844
SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
845+
846+
/*
847+
* XXX This should set SetConfigOption("session_authorization"), too.
848+
* Since we don't, C code will get NULL, and current_setting() will get an
849+
* empty string.
850+
*/
851+
SetConfigOption("is_superuser", "on",
852+
PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
845853
}
846854

847855
/*

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy