This seems like it should even be considered a security honestly. On Thu, 19 Oct 2023, 19:49 Hemanth Sandrana, <hemanthforpostg...@gmail.com> wrote:
> Hi All, > > Currently, BackgroundWorker connected to a database by calling > BackgroundWorkerInitializeConnection with username as NULL can be > terminated by non-superuser with pg_signal_backend privilege. When the > username is NULL the bgworker process runs as superuser (which is > expected as per the documentation - > https://www.postgresql.org/docs/current/bgworker.html ), but can the > non-superuser (with pg_signal_backend) terminate this superuser owned > process? > We (Mahendrakar and Myself) think that this is a bug and proposing a > fix that sets MyProc->roleId to BOOTSTRAP_SUPERUSERID, similar to > InitializeSessionUserId, to prevent non-superuser terminating it. > > Please let us know your comments. > > Thanks, > Hemanth Sandrana >
