Re: debugger from superuser only.... why?
| От | Tom Lane |
|---|---|
| Тема | Re: debugger from superuser only.... why? |
| Дата | |
| Msg-id | 170505.1695652114@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: debugger from superuser only.... why? (Alexander Petrossian <alexander.petrossian@gmail.com>) |
| Ответы |
Re: debugger from superuser only.... why?
|
| Список | pgsql-general |
Alexander Petrossian <alexander.petrossian@gmail.com> writes:
>>> I am wondering why is this, why not allow debugging for non-privileged users?
Seems obvious to me that it'd be a nasty security hole, ie you could
take control of somebody else's session and make it do things you
don't have permissions for. Even if there's a way to restrict
debugging connections to sessions owned by the same user, you'd
have a big problem with being able to change the behavior of
security-definer functions. Clearly, the authors of pldebugger
decided that was a can of worms they didn't care to open.
regards, tom lane
В списке pgsql-general по дате отправления: