diff options
| author | Noah Misch <noah@leadboat.com> | 2023-11-06 06:14:13 -0800 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2023-11-06 06:14:17 -0800 |
| commit | ecd5d240c5965b5127e1c2fdf93c9fc61f2d1acd (patch) | |
| tree | 1e48a8041ab06a4bd66c99d4c8748062226c952f | |
| parent | 508acb901e31cf10fcac0ff9304d3d2d33bb2b2f (diff) | |
| download | postgresql-ecd5d240c5965b5127e1c2fdf93c9fc61f2d1acd.tar.gz postgresql-ecd5d240c5965b5127e1c2fdf93c9fc61f2d1acd.zip | |
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
It was always false in single-user mode, in autovacuum workers, and in
background workers. This had no specifically-identified security
consequences, but non-core code or future work might make it
security-relevant. Back-patch to v11 (all supported versions).
Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 922f553512e..1f0b3175aed 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -797,6 +797,14 @@ InitializeSessionUserIdStandalone(void) AuthenticatedUserIsSuperuser = true; SetSessionUserId(BOOTSTRAP_SUPERUSERID, true); + + /* + * XXX This should set SetConfigOption("session_authorization"), too. + * Since we don't, C code will get NULL, and current_setting() will get an + * empty string. + */ + SetConfigOption("is_superuser", "on", + PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT); } |