| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Joseph Koshakow <koshy44(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Preventing non-superusers from altering session authorization |
| Date: | 2023-07-10 20:31:58 |
| Message-ID: | 20230710203158.GA410521@nathanxps13 |
| Lists: | pgsql-hackers |

On Sun, Jul 09, 2023 at 08:54:30PM -0400, Joseph Koshakow wrote:
> I just realized that you moved this comment from
> SetSessionAuthorization. I think we should leave the part about setting
> the GUC variable is_superuser on top of SetSessionAuthorization since
> that's where we actually set the GUC.

Okay. Here's a new patch set in which I believe I've addressed all
feedback. I didn't keep the GetAuthenticatedUserIsSuperuser() helper
function around, as I didn't see a strong need for it. And I haven't
touched the "is_superuser" GUC, either. I figured we can take up any
changes for it in the other thread.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

| Attachment | Content-Type | Size |
|---|---|---|
| v6-0001-Rename-session_auth_is_superuser-to-current_role_.patch | text/x-diff | 2.7 KB |
| v6-0002-Move-session-auth-privilege-check-to-check_sessio.patch | text/x-diff | 4.1 KB |
| v6-0003-Prevent-non-superusers-from-altering-session-auth.patch | text/x-diff | 6.3 KB |