Documentation says the
pg_signal_backend role cannot signal "a backend owned
by a superuser". On the contrary, it can signal background workers, including
the logical replication launcher. It can signal
autovacuum workers and the
autovacuum launcher. Signaling
autovacuum workers and those two launchers
provides no meaningful exploit, so exploiting this vulnerability requires a
non-core extension with a less-resilient background worker. For example, a
non-core background worker that does not auto-restart would experience a
denial of service with respect to that particular background worker.
The PostgreSQL project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem.
|Affected Version||Fixed In||Fix Published|
If you wish to report a new security vulnerability in PostgreSQL, please send an email to email@example.com.
For reporting non-security bugs, please see the Report a Bug page.