Re: What happened to the tip "It is good practice to create a role that has the CREATEDB and CREATEROLE privileges..."

On Wednesday, April 19, 2023, Bryn Llewellyn <bryn(at)yugabyte(dot)com> wrote:
>
>
> had a reference to an email thread on the pgsql-hackers with subject
> "fixing CREATEROLE". It was started by Robert Haas and it begins thus:
>
> > https://www.postgresql.org/message-id/CA%2BTgmobGds7oefDjZUY%2Bk_
> J7p1sS%3DpTq3sZ060qdb%3DoKei1Dkw%40mail.gmail.com
> >
> > The CREATEROLE permission is in a very bad spot right now. The biggest
> problem that I know about is that it allows you to trivially access the OS
> user account under which PostgreSQL is running, which is expected behavior
> for a superuser but simply wrong behavior for any other user. This is
> because CREATEROLE conveys powerful capabilities not only to create roles
> but also to manipulate them in various ways, including granting any
> non-superuser role in the system to any new or existing user, including
> themselves.
>
>
> The thread goes on forever. And it branches too. It's talking about
> possibly patching the code—precisely to bring about a change in behavior.
> And I'm asking if the fix(es) under discussion would change the behavior of
> the code that I showed.
>

Yes, the behavior change is part of the unreleased v16. We don’t make
non-bug changes to released versions.

David J.