Re: [HACKERS] GUC --- prevent non-super user changes

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Robert Treat <xzilla(at)users(dot)sourceforge(dot)net>
Cc: pgsql-patches(at)postgresql(dot)org
Subject: Re: [HACKERS] GUC --- prevent non-super user changes
Date: 2003-06-11 22:29:33
Message-ID: 200306112229.h5BMTXP21826@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Robert Treat wrote:
> On Wed, 2003-06-11 at 01:01, Bruce Momjian wrote:
> > Here is a proposed fix for the new SUSET of various variables. The
> > solution is to create a new GUC context called PGC_USERLIMIT, which
> > limits changes by non-super users. For example, non-super users can
> > turn on logging, but can't turn it off, and log_min_* logging can have
> > added output, but not less output.
> >
>
> Is there a danger here that users can crank logging up to the max and
> either crash a server due to i/o load, or perhaps create enough "noise"
> to cover tracks of something malicious?

There perhaps is, but if they can connect to the database, I would think
there would be other worse things they can do.

The base problem is that we don't know if the person is a super user
until we connect to pg_shadow, and this is much later than when we
process the flags and PGOPTIONS packet, so the patch seemed like the
cleanest way to go. We could have delayed the setting of those
variables, but there are some variables that have to be set _before_ we
connect to pg_shadow, so it would get tricky.

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Josh Berkus 2003-06-11 23:25:22 Re: [HACKERS] "Adding missing from clause" (replacement)
Previous Message Robert Treat 2003-06-11 22:12:48 Re: [HACKERS] GUC --- prevent non-super user changes

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2003-06-11 22:38:07 Re: Simple LRU for clog and (later) subtrans
Previous Message Robert Treat 2003-06-11 22:12:48 Re: [HACKERS] GUC --- prevent non-super user changes