Skip to content

Commit 7bbf4d0

Browse files
nmischnmisch
committed
Set GUC "is_superuser" in all processes that set AuthenticatedUserId.
It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
1 parent 2893f2f commit 7bbf4d0

File tree

1 file changed

+8
-0
lines changed

1 file changed

+8
-0
lines changed

src/backend/utils/init/miscinit.c

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -708,6 +708,14 @@ InitializeSessionUserIdStandalone(void)
708708
AuthenticatedUserIsSuperuser = true;
709709

710710
SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
711+
712+
/*
713+
* XXX This should set SetConfigOption("session_authorization"), too.
714+
* Since we don't, C code will get NULL, and current_setting() will get an
715+
* empty string.
716+
*/
717+
SetConfigOption("is_superuser", "on",
718+
PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
711719
}
712720

713721

0 commit comments

Comments
 (0)