| From: | Joseph Koshakow <koshy44(at)gmail(dot)com> |
|---|---|
| To: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Preventing non-superusers from altering session authorization |
| Date: | 2023-06-22 22:39:45 |
| Message-ID: | CAAvxfHdj5H88W99anUoFf4OaH+Oozs=e7kF1mhsegxpWOsvQFQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jun 21, 2023 at 11:48 PM Nathan Bossart <nathandbossart(at)gmail(dot)com>
wrote:
>
> On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> > + roleTup = SearchSysCache1(AUTHOID,
ObjectIdGetDatum(AuthenticatedUserId));
> > + if (!HeapTupleIsValid(roleTup))
> > + ereport(FATAL,
> > +
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> > + errmsg("role with OID
%u does not exist", AuthenticatedUserId)));
> > + rform = (Form_pg_authid) GETSTRUCT(roleTup);
>
> I think "superuser_arg(AuthenticatedUserId)" would work here.
Yep, that worked. I've attached a patch with this change.
> I see that RESET SESSION AUTHORIZATION
> with a concurrently dropped role will FATAL with your patch but succeed
> without it, which could be part of the reason.
That might be a good change? If the original authenticated role ID no
longer exists then we may want to return an error when trying to set
your session authorization to that role.
Thanks,
Joe Koshakow
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Prevent-non-superusers-from-altering-session-auth.patch | text/x-patch | 5.3 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nathan Bossart | 2023-06-22 23:01:00 | Re: allow granting CLUSTER, REFRESH MATERIALIZED VIEW, and REINDEX |
| Previous Message | Tomas Vondra | 2023-06-22 22:27:00 | Re: Do we want a hashset type? |