From: | PG Bug reporting form <noreply(at)postgresql(dot)org> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org |
Cc: | torcher999(at)gmail(dot)com |
Subject: | BUG #15281: Set role does not affect superuser privileges |
Date: | 2018-07-16 14:55:02 |
Message-ID: | 153175290278.1396.6851104739737410645@wrigleys.postgresql.org |
Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 15281
Logged by: Michal Wozny
Email address: torcher999(at)gmail(dot)com
PostgreSQL version: 10.4
Operating system: Windows Server 2012 R2
Description:
Here are the two scenarios I tested:

1) as a session_user: superuser and current_user: non-superuser I can edit others' tables
2) as a session_user: non-superuser and current_user: superuser I cannot edit others' tables

The documentation contradicts 1) explicitly, 2) implicitly:
"when a superuser chooses to SET ROLE to a non-superuser role, they lose their superuser privileges."
Source: https://www.postgresql.org/docs/current/static/sql-set-role.html

Steps to reproduce:

Preconditions:
create two non-superusers [user1, user2]
create one superuser [user0]
grant user0 to user1
create a table [u2_tab] with owner user2

1)
disconnect
connect as user0
set role user1
rename u2_tab
expected: cannot rename u2_tab
actual: can rename u2_tab

2)
disconnect
connect as user1
set role user0
rename u2_tab
expected: can rename u2_tab
actual: cannot rename u2_tab

SQL steps:

Preconditions:
CREATE USER user0 WITH SUPERUSER;
CREATE USER user1;
GRANT user0 TO user1;
CREATE USER user2;
CREATE TABLE public.u2_tab ();
ALTER TABLE public.u2_tab OWNER TO user2;

1)
-- reconnect to db as user0 (psql meta-command)
\connect db user0
SET ROLE user1;
ALTER TABLE public.u2_tab RENAME TO u2_tab1;

2)
-- reconnect to db as user1 (psql meta-command)
\connect db user1
SET ROLE user0;
ALTER TABLE public.u2_tab1 RENAME TO u2_tab2;
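
A psql script for checking the identity state at each step of the reproduction above, added here as an example and not part of the original report. It assumes the report's database `db`, roles and table already exist and that the roles are allowed to log in; the diagnostic query and the transaction wrapper are additions.

```sql
-- Added diagnostic example for psql; not part of the original report.
-- Assumes the report's preconditions (db, user0, user1, user2, public.u2_tab).
-- is_superuser reports whether the *current* role has superuser privileges.
-- ALTER TABLE ... RENAME needs ownership of the table (directly, via role
-- membership, or as superuser) plus CREATE on the table's schema.

-- Scenario 1: session_user is the superuser, current_user is not.
\connect db user0
SET ROLE user1;
SELECT session_user,
       current_user,
       current_setting('is_superuser')                AS is_superuser,
       pg_get_userbyid(c.relowner)                    AS table_owner,
       pg_has_role(current_user, c.relowner, 'USAGE') AS has_owner_rights,
       has_schema_privilege(c.relnamespace, 'CREATE') AS can_create_in_schema
FROM pg_class c
WHERE c.oid = 'public.u2_tab'::regclass;
BEGIN;
ALTER TABLE public.u2_tab RENAME TO u2_tab1;  -- statement under test
ROLLBACK;                                     -- keep the name for scenario 2

-- Scenario 2: session_user is not a superuser, current_user is.
\connect db user1
SET ROLE user0;
SELECT session_user,
       current_user,
       current_setting('is_superuser')                AS is_superuser,
       pg_get_userbyid(c.relowner)                    AS table_owner,
       pg_has_role(current_user, c.relowner, 'USAGE') AS has_owner_rights,
       has_schema_privilege(c.relnamespace, 'CREATE') AS can_create_in_schema
FROM pg_class c
WHERE c.oid = 'public.u2_tab'::regclass;
BEGIN;
ALTER TABLE public.u2_tab RENAME TO u2_tab1;  -- statement under test
ROLLBACK;
```

Comparing `session_user`, `current_user` and `is_superuser` with the outcome of each `ALTER TABLE` shows whether the session is really running under the identities the scenario assumes.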