From: Noah Misch Date: Mon, 6 Nov 2023 14:14:13 +0000 (-0800) Subject: Set GUC "is_superuser" in all processes that set AuthenticatedUserId. X-Git-Tag: REL_14_10~4 X-Git-Url: http://git.postgresql.org/gitweb/?a=commitdiff_plain;h=ecd5d240c5965b5127e1c2fdf93c9fc61f2d1acd;p=postgresql.git Set GUC "is_superuser" in all processes that set AuthenticatedUserId. It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio. --- diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 922f553512e..1f0b3175aed 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -797,6 +797,14 @@ InitializeSessionUserIdStandalone(void) AuthenticatedUserIsSuperuser = true; SetSessionUserId(BOOTSTRAP_SUPERUSERID, true); + + /* + * XXX This should set SetConfigOption("session_authorization"), too. + * Since we don't, C code will get NULL, and current_setting() will get an + * empty string. + */ + SetConfigOption("is_superuser", "on", + PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT); }
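Review bot: In InitializeSessionUserIdStandalone(), the added SetConfigOption("is_superuser", "on", PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT) call hard-codes "on" independently of the AuthenticatedUserIsSuperuser = true assignment just above it, so the GUC and the C flag can drift apart if either line is changed later. Consider deriving the string from the flag (AuthenticatedUserIsSuperuser ? "on" : "off"), or stating in the comment that the two must be kept in step. The XXX comment also records that session_authorization stays unset on this path, so C code reading it gets NULL and current_setting() gets an empty string. Since the commit message says non-core code might make this state security-relevant, the comment should say that callers must handle NULL or the empty string explicitly, and whether a follow-up change is intended.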