Quick Links

Re: Preventing non-superusers from altering session authorization

From:	Nathan Bossart <nathandbossart(at)gmail(dot)com>
To:	Joseph Koshakow <koshy44(at)gmail(dot)com>
Cc:	PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject:	Re: Preventing non-superusers from altering session authorization
Date:	2023-06-22 03:48:18
Message-ID:	20230622034818.GA1077640@nathanxps13
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> + roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
> + if (!HeapTupleIsValid(roleTup))
> + ereport(FATAL,
> + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> + errmsg("role with OID %u does not exist", AuthenticatedUserId)));
> + rform = (Form_pg_authid) GETSTRUCT(roleTup);

I think "superuser_arg(AuthenticatedUserId)" would work here.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

In response to

Preventing non-superusers from altering session authorization at 2023-06-21 20:28:43 from Joseph Koshakow

Responses

Re: Preventing non-superusers from altering session authorization at 2023-06-22 22:39:45 from Joseph Koshakow

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	shveta malik	2023-06-22 04:09:30	Re: Support logical replication of DDLs
Previous Message	Amit Kapila	2023-06-22 03:46:40	Re: Assert while autovacuum was executing