Skip to content

Navigation Menu

Sign in

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit b72de09

Browse filesBrowse files
nmischnmisch
committed
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
1 parent 3a9b18b commit b72de09
Copy full SHA for b72de09

File tree

1 file changed

+8
-0
lines changed
Filter options

1 file changed

+8
-0
lines changed

‎src/backend/utils/init/miscinit.c

Copy file name to clipboardExpand all lines: src/backend/utils/init/miscinit.c
+8Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -842,6 +842,14 @@ InitializeSessionUserIdStandalone(void)
842842

843843
AuthenticatedUserId = BOOTSTRAP_SUPERUSERID;
844844
SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
845+
846+
/*
847+
* XXX This should set SetConfigOption("session_authorization"), too.
848+
* Since we don't, C code will get NULL, and current_setting() will get an
849+
* empty string.
850+
*/
851+
SetConfigOption("is_superuser", "on",
852+
PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
845853
}
846854

847855
/*

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.