| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | José Luis Tallón <jltallon(at)adv-solutions(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: RFC: Non-user-resettable SET SESSION AUTHORISATION |
| Date: | 2015-05-18 15:41:32 |
| Message-ID: | 20150518154132.GC9458@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, May 17, 2015 at 09:31:47PM +0200, José Luis Tallón wrote:
> On 05/17/2015 07:39 PM, Tom Lane wrote:
> >=?windows-1252?Q?Jos=E9_Luis_Tall=F3n?= <jltallon(at)adv-solutions(dot)net> writes:
> >>On the other hand, ISTM that what we all intend to achieve is some
> >>Postgres equivalent of the SUID bit... so why not just do something
> >>equivalent?
> >>-------
> >> LOGIN -- as user with the appropriate role membership / privilege?
> >> ...
> >> SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
> >> ... do whatever ... -- unprivileged user can NOT do the
> >>"impersonate" thing
> >> DISCARD ALL -- implicitly restore previous authz
> >>-------
> >Oh? What stops the unprivileged user from doing DISCARD ALL?
>
> Indeed. The pooler would need to block this.
> Or we would need to invent another (this time, privileged) verb in
> order to restore authz.
What if you put the SQL in a function then call the function? I don't
see how the pooler could block this.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2015-05-18 15:48:45 | Re: Making the regression tests halt to attach a debugger |
| Previous Message | Jim Nasby | 2015-05-18 15:38:14 | Re: 9.5 open items |