Re: Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks.

From: Merlin Moncure <mmoncure(at)gmail(dot)com>
To: leaf_yxj <leaf_yxj(at)163(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Re: Questions of the privileges to use the pg_cancel_backend and pg_terminate_backend function. Thanks.
Date: 2012-04-04 18:19:06
Message-ID: CAHyXU0zyPuFkkR-Br_VB+dBBg2xE8XUe0F0453Qg1PPp9L3B-A@mail.gmail.com
Lists: pgsql-general

On Wed, Apr 4, 2012 at 12:24 PM, leaf_yxj <leaf_yxj(at)163(dot)com> wrote:
> Hi Aaron: thanks. I tried the security definer. It works well as follows:
>
> CREATE FUNCTION kill_process(integer) RETURNS boolean AS 'select
> pg_cancel_backend($1);' LANGUAGE SQL SECURITY DEFINER;
>
> ---- One more question about this function: if a non-superuser gets to
> execute this function, he/she will have the privilege to kill all the processes
> which belong to the postgresql process. How can we avoid that happening?

maybe, inside kill_process, do a quick check against pg_stat_activity
and bail if the process doesn't belong to a known usename?

merlin
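
The check suggested in this reply, written out as an added example (not code from the thread or from either poster): kill_process looks up the target in pg_stat_activity and refuses unless the backend belongs to the caller's own login role. Assumptions: PostgreSQL 9.2 or later, where the column is pid (procpid in 9.1 and earlier); "known usename" is taken to mean session_user; the role app_operators is hypothetical.

```sql
-- Added example. Assumes PostgreSQL 9.2+ (pg_stat_activity.pid).
CREATE OR REPLACE FUNCTION kill_process(target_pid integer)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so the definer's privileges cannot be redirected
-- to look-alike objects in a schema the caller controls.
SET search_path = pg_catalog, pg_temp
AS $$
DECLARE
    target_user name;
BEGIN
    SELECT a.usename
      INTO target_user
      FROM pg_catalog.pg_stat_activity a
     WHERE a.pid = target_pid;

    -- No such backend: nothing to cancel.
    IF NOT FOUND THEN
        RETURN false;
    END IF;

    -- Inside a SECURITY DEFINER function current_user is the function owner;
    -- session_user is still the role that actually logged in.
    -- IS DISTINCT FROM also rejects rows whose usename is NULL.
    IF target_user IS DISTINCT FROM session_user THEN
        RAISE EXCEPTION 'pid % does not belong to role %', target_pid, session_user
            USING ERRCODE = 'insufficient_privilege';
    END IF;

    RETURN pg_catalog.pg_cancel_backend(target_pid);
END;
$$;

-- Functions are executable by PUBLIC by default; restrict that explicitly.
REVOKE ALL ON FUNCTION kill_process(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION kill_process(integer) TO app_operators;  -- hypothetical role
```

The ownership check and the cancel are two separate steps, so a pid that is reused between them could be cancelled instead of the intended backend; pg_cancel_backend only cancels the running query, which limits the effect.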
