Quick Links

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)

From:	Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>
To:	Robert Haas <robertmhaas(at)gmail(dot)com>
Cc:	Noah Misch <noah(at)leadboat(dot)com>, Jacob Champion <pchampion(at)vmware(dot)com>, "sfrost(at)snowman(dot)net" <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, "tgl(at)sss(dot)pgh(dot)pa(dot)us" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "chap(at)anastigmatix(dot)net" <chap(at)anastigmatix(dot)net>, torikoshia <torikoshia(at)oss(dot)nttdata(dot)com>
Subject:	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Date:	2021-07-23 20:57:37
Message-ID:	F8FADE5E-CB9A-40BE-949B-61B981613064@enterprisedb.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> On Jul 23, 2021, at 1:54 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
>
> Yeah, but you're inventing a system for allowing the restriction on a
> GUC to be something other than is-superuser in the very patch we're
> talking about. So it could be something like is-database-security.
> Therefore I don't grok the objection.

I'm not objecting to how hard it would be to implement. I'm objecting to the semantics. If the only non-superuser who can set the GUC is pg_database_security, then it is absolutely worthless in preventing pg_database_security from trapping actions performed by pg_network_security members. On the other hand, if pg_network_security can also set the GUC, then pg_network_security can circumvent audit logging that pg_database_security put in place. What's the point in having these as separate roles if they can circumvent each other's authority?

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) at 2021-07-23 20:54:03 from Robert Haas

Responses

Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) at 2021-07-23 21:04:10 from Mark Dilger
Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers) at 2021-07-26 19:09:07 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Mark Dilger	2021-07-23 21:04:10	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)
Previous Message	Robert Haas	2021-07-23 20:54:03	Re: Delegating superuser tasks to new security roles (Was: Granting control of SUSET gucs to non-superusers)