pgsql: Parallel workers use AuthenticatedUserId for connection privileg

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Parallel workers use AuthenticatedUserId for connection privileg
Date: 2024-11-11 22:06:09
Message-ID: E1tAcXx-001MUo-7n@gemulon.postgresql.org
Lists: pgsql-committers

Parallel workers use AuthenticatedUserId for connection privilege checks.

Commit 5a2fed911 had an unexpected side-effect: the parallel worker
launched for the new test case would fail if it couldn't use a
superuser-reserved connection slot. The reason that test failed
while all our pre-existing ones worked is that the connection
privilege tests in InitPostgres had been based on the superuserness
of the leader's AuthenticatedUserId, but after the rearrangements
of 5a2fed911 we were testing the superuserness of CurrentUserId,
which the new test case deliberately made to be a non-superuser.

This all seems very accidental and probably not the behavior we really
want, but a security patch is no time to be redesigning things.
Pending some discussion about desirable semantics, hack it so that
InitPostgres continues to pay attention to the superuserness of
AuthenticatedUserId when starting a parallel worker.

Nathan Bossart and Tom Lane, per buildfarm member sawshark.

Security: CVE-2024-10978

Branch
------
REL_12_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/0edad8654848affe0786c798aea9e1a43dde54bc

Modified Files
--------------
src/backend/utils/init/postinit.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
