Hi all,

While reading the code of pg_log_backend_memory_contexts(), I have been surprised to see that the code would attempt to look at a PROC entry based on the given input PID *before* checking if the function has been called by a superuser. This does not strike me as a good idea, as this allows any user to call this function and to take ProcArrayLock in shared mode, freely.

It seems to me that we had better check for a superuser at the beginning of the function, like in the attached.

Thanks,
--
Michael
diff --git a/src/backend/utils/adt/mcxtfuncs.c b/src/backend/utils/adt/mcxtfuncs.c
index 2984768d19..0d52613bc3 100644
--- a/src/backend/utils/adt/mcxtfuncs.c
+++ b/src/backend/utils/adt/mcxtfuncs.c
@@ -175,7 +175,15 @@ Datum
pg_log_backend_memory_contexts(PG_FUNCTION_ARGS)
{
int pid = PG_GETARG_INT32(0);
- PGPROC *proc = BackendPidGetProc(pid);
+ PGPROC *proc;
+
+ /* Only allow superusers to log memory contexts. */
+ if (!superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("must be a superuser to log memory contexts")));
+
+ proc = BackendPidGetProc(pid);
/*
* BackendPidGetProc returns NULL if the pid isn't valid; but by the time
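Review bot: the comment on the relocated check ("/* Only allow superusers to log memory contexts. */") should say why it now sits before BackendPidGetProc(pid), namely that the lookup takes ProcArrayLock and an unprivileged caller must be rejected before touching shared state; without that rationale in the code, a later refactor could move the check back below the lookup unnoticed. Something like "Check this before BackendPidGetProc(), which takes ProcArrayLock." would do. Splitting `PGPROC *proc;` from its assignment is fine as is.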
@@ -197,12 +205,6 @@ pg_log_backend_memory_contexts(PG_FUNCTION_ARGS)
PG_RETURN_BOOL(false);
}
- /* Only allow superusers to log memory contexts. */
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- errmsg("must be a superuser to log memory contexts")));
-
if (SendProcSignal(pid, PROCSIG_LOG_MEMORY_CONTEXT, proc->backendId) < 0)
{
/* Again, just a warning to allow loops */
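Review bot: with the superuser check removed from this spot, a non-superuser passing a PID that BackendPidGetProc() does not find no longer reaches the WARNING and "PG_RETURN_BOOL(false)" path above but gets the ERROR up front instead; that is the intended tightening, but it is a user-visible behaviour change and should be stated in the commit message, and any regression test that exercises the non-superuser case with an invalid PID would need its expected output updated.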
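The observable difference the patch makes can be checked from psql. The script below is an added example, not part of the patch or of the PostgreSQL test suite; the role name "nosuper" and the bogus PID 999999 are assumptions chosen for the check. Run each statement as a superuser first, then as the unprivileged role.

```sql
-- Added example: verify that the privilege check now runs before the
-- PROC lookup. Assumed role name "nosuper" and PID 999999 (not expected
-- to be a live backend) are constructed for this check.
CREATE ROLE nosuper LOGIN;

-- As superuser: a nonexistent PID is a WARNING, and the call returns false.
SELECT pg_log_backend_memory_contexts(999999);

-- As superuser: our own backend is valid, the call returns true and the
-- memory contexts are written to the server log.
SELECT pg_log_backend_memory_contexts(pg_backend_pid());

-- Switch to the unprivileged role for the remaining statements.
SET ROLE nosuper;

-- Before the patch: WARNING "PID 999999 is not a PostgreSQL server process"
-- and false, because the lookup (and ProcArrayLock) ran before the check.
-- After the patch: ERROR "must be a superuser to log memory contexts".
SELECT pg_log_backend_memory_contexts(999999);

-- Both before and after the patch this is an ERROR; the difference is
-- that, after the patch, no PROC lookup is performed first.
SELECT pg_log_backend_memory_contexts(pg_backend_pid());

RESET ROLE;
DROP ROLE nosuper;
```

The third SELECT is the one that distinguishes the two versions: an unprivileged caller with an invalid PID should see the privilege ERROR, not the "not a PostgreSQL server process" WARNING, once the check precedes the lookup.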
