Set GUC "is_superuser" in all processes that set AuthenticatedUserId.

It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
author: Noah Misch <noah@leadboat.com> 2023-11-06 06:14:13 -0800
committer: Noah Misch <noah@leadboat.com> 2023-11-06 06:14:13 -0800
commit: b72de09a1b8e55774b70add4de0f8c59cef6cf6f (patch)
tree: d91727a2e08d062b829aa360f1adbb7341793b71 /src
parent: 3a9b18b3095366cd0c4305441d426d04572d88c1 (diff)
download: postgresql-b72de09a1b8e55774b70add4de0f8c59cef6cf6f.tar.gz
postgresql-b72de09a1b8e55774b70add4de0f8c59cef6cf6f.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
index 182d666852f..cfc5afaa6fd 100644
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -842,6 +842,14 @@ InitializeSessionUserIdStandalone(void)
 
 	AuthenticatedUserId = BOOTSTRAP_SUPERUSERID;
 	SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
+
+	/*
+	 * XXX This should set SetConfigOption("session_authorization"), too.
+	 * Since we don't, C code will get NULL, and current_setting() will get an
+	 * empty string.
+	 */
+	SetConfigOption("is_superuser", "on",
+					PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
 }
 
 /*
author	Noah Misch <noah@leadboat.com>	2023-11-06 06:14:13 -0800
committer	Noah Misch <noah@leadboat.com>	2023-11-06 06:14:13 -0800
commit	b72de09a1b8e55774b70add4de0f8c59cef6cf6f (patch)
tree	d91727a2e08d062b829aa360f1adbb7341793b71 /src
parent	3a9b18b3095366cd0c4305441d426d04572d88c1 (diff)
download	postgresql-b72de09a1b8e55774b70add4de0f8c59cef6cf6f.tar.gz postgresql-b72de09a1b8e55774b70add4de0f8c59cef6cf6f.zip