Set GUC "is_superuser" in all processes that set AuthenticatedUserId.

It was always false in single-user mode, in autovacuum workers, and in background workers. This had no specifically-identified security consequences, but non-core code or future work might make it security-relevant. Back-patch to v11 (all supported versions). Jelte Fennema-Nio. Reported by Jelte Fennema-Nio.
2025-05-03 22:24:49 +03:00 · 2023-11-06 06:14:13 -08:00 · 2023-11-06 06:14:13 -08:00 · ecd5d240c5
commit ecd5d240c5
parent 508acb901e
1 changed files with 8 additions and 0 deletions
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@ -797,6 +797,14 @@ InitializeSessionUserIdStandalone(void)
 	AuthenticatedUserIsSuperuser = true;

 	SetSessionUserId(BOOTSTRAP_SUPERUSERID, true);
+
+	/*
+	 * XXX This should set SetConfigOption("session_authorization"), too.
+	 * Since we don't, C code will get NULL, and current_setting() will get an
+	 * empty string.
+	 */
+	SetConfigOption("is_superuser", "on",
+					PGC_INTERNAL, PGC_S_DYNAMIC_DEFAULT);
 }