Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>
Cc: Andres Freund <andres(at)anarazel(dot)de>, pgsql-hackers(at)postgresql(dot)org, Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Daniel Farina <daniel(at)heroku(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Subject: Re: Cross-backend signals and administration (Was: Re: pg_terminate_backend for same-role)
Date: 2012-03-27 20:30:58
Message-ID: 4F722382.2000300@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 03/27/2012 03:14 PM, Kevin Grittner wrote:
> Andres Freund<andres(at)anarazel(dot)de> wrote:
>> On Tuesday, March 27, 2012 07:51:59 PM Kevin Grittner wrote:
>>>> Well, I guess if you have different people sharing the same
>>>> user-ID, you probably wouldn't want that.
>>>
>>> As Tom pointed out, if there's another person sharing the user ID
>>> you're using, and you don't trust them, their ability to cancel
>>> your session is likely way down the list of concerns you should
>>> have.
>> Hm. I don't think that is an entirely valid argumentation. The
>> same user could have entirely different databases. They even could
>> have distinct access countrol via the clients ip.
>> I have seen the same cluster being used for prod/test instances at
>> smaller shops several times.
>>
>> Whether thats a valid usecase I have no idea.
>
> Well, that does sort of leave an arguable vulnerability. Should the
> same user only be allowed to kill the process from a connection to
> the same database?
>

It might be a reasonable restriction in theory, but I doubt it's much of
a security gain.

cheers

andrew

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2012-03-27 20:38:57 Re: Command Triggers patch v18
Previous Message Robert Haas 2012-03-27 20:25:42 Re: pg_test_timing tool for EXPLAIN ANALYZE overhead