This is an automated email from the ASF dual-hosted git repository.
djwang pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudberry.git
The following commit(s) were added to refs/heads/main by this push:
new 822c60081b8 Set GUC "is_superuser" in all processes that set
AuthenticatedUserId.
822c60081b8 is described below
commit 822c60081b8b0bd3bb13af83a74520311ee73d25
Author: Noah Misch <[email protected]>
AuthorDate: Mon Nov 6 06:14:13 2023 -0800
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
It was always false in single-user mode, in autovacuum workers, and in
background workers. This had no specifically-identified security
consequences, but non-core code or future work might make it
security-relevant. Back-patch to v11 (all supported versions).
Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
---
src/backend/utils/init/miscinit.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/backend/utils/init/miscinit.c
b/src/backend/utils/init/miscinit.c
index a8e7ff0f057..83dee55ad8a 100644
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -841,6 +841,14 @@ InitializeSessionUserIdStandalone(void)
AuthenticatedUserIsSuperuser = true;
SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
+
+ /*
+ * XXX This should set SetConfigOption("session_authorization"), too.
+ * Since we don't, C code will get NULL, and current_setting() will get
an
+ * empty string.
+ */
+ SetConfigOption("is_superuser", "on",
+ PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
