Quick Links

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
Cc:	Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, michael(at)paquier(dot)xyz, gurjeet(at)singh(dot)im, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS
Date:	2022-07-25 03:49:23
Message-ID:	1834276.1658720963@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Nathan Bossart <nathandbossart(at)gmail(dot)com> writes:
> I noticed that a couple of places check whether whereToSendOutput is set to
> DestRemote to determine if this is an interactive session.

IIRC, that would end in not loading the preload libraries in a standalone
backend. Perhaps that's what we want, but I'd supposed not. Discuss.

regards, tom lane

In response to

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-25 03:40:40 from Nathan Bossart

Responses

Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS at 2022-07-25 04:30:44 from Nathan Bossart

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Richard Guo	2022-07-25 03:51:40	Re: ReadRecentBuffer() is broken for local buffer
Previous Message	Nathan Bossart	2022-07-25 03:40:40	Re: Unprivileged user can induce crash by using an SUSET param in PGOPTIONS