]> git.ipfire.org Git - thirdparty/postgresql.git/commitdiff
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
authorNoah Misch <noah@leadboat.com>
Mon, 6 Nov 2023 14:14:13 +0000 (06:14 -0800)
committerNoah Misch <noah@leadboat.com>
Mon, 6 Nov 2023 14:14:17 +0000 (06:14 -0800)
It was always false in single-user mode, in autovacuum workers, and in
background workers.  This had no specifically-identified security
consequences, but non-core code or future work might make it
security-relevant.  Back-patch to v11 (all supported versions).

Jelte Fennema-Nio.  Reported by Jelte Fennema-Nio.

src/backend/utils/init/miscinit.c

index f6c1e7491dd9d4adca06aaf3e0ca9c7b1896eab7..425498c1a7437c767c2542740c919a9a45c52429 100644 (file)
@@ -708,6 +708,14 @@ InitializeSessionUserIdStandalone(void)
        AuthenticatedUserIsSuperuser = true;
 
        SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
+
+       /*
+        * XXX This should set SetConfigOption("session_authorization"), too.
+        * Since we don't, C code will get NULL, and current_setting() will get an
+        * empty string.
+        */
+       SetConfigOption("is_superuser", "on",
+                                       PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
 }