| From: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Subject: | CREATEROLE and role ownership hierarchies |
| Date: | 2021-10-20 18:40:35 |
| Message-ID: | D9065DFB-56DB-4E89-A73E-DB8CC2C746C6@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
These patches have been split off the now deprecated monolithic "Delegating superuser tasks to new security roles" thread at [1].
The purpose of these patches is to fix the CREATEROLE escalation attack vector misfeature. (Not everyone will see CREATEROLE that way, but the perceived value of the patch set likely depends on how much you see CREATEROLE in that light.)
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Add-tests-of-the-CREATEROLE-attribute.patch | application/octet-stream | 13.4 KB |
| v1-0002-Add-owners-to-roles.patch | application/octet-stream | 14.7 KB |
| v1-0003-Give-role-owners-control-over-owned-roles.patch | application/octet-stream | 17.2 KB |
| v1-0004-Restrict-power-granted-via-CREATEROLE.patch | application/octet-stream | 40.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Dilger | 2021-10-20 18:40:39 | Non-superuser subscription owners |
| Previous Message | Mark Dilger | 2021-10-20 18:40:32 | Non-superuser event trigger owners |