| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: ALTER ROLE/DATABASE RESET ALL versus security |
| Date: | 2010-02-27 03:38:49 |
| Message-ID: | 201002270338.o1R3cnB28008@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera wrote:
> Tom Lane wrote:
> > Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> > > Tom Lane wrote:
> > >> It looks to me like the code in AlterSetting() will allow an ordinary
> > >> user to blow away all settings for himself. Even those that are for
> > >> SUSET variables and were presumably set for him by a superuser. Isn't
> > >> this a security hole? I would expect that an unprivileged user should
> > >> not be able to change such settings, not even to the extent of
> > >> reverting to the installation-wide default.
> >
> > > Yes, it is, but this is not a new hole. This works just fine in 8.4
> > > too:
> >
> > So I'd argue for changing it in 8.4 too.
>
> Understood. I'm starting to look at what this requires.
Any progress on this?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
PG East: http://www.enterprisedb.com/community/nav-pg-east-2010.do
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2010-02-27 03:40:57 | Re: Hot Standby query cancellation and Streaming Replication integration |
| Previous Message | Bruce Momjian | 2010-02-27 03:29:30 | Re: plpgsql: numeric assignment to an integer variable errors out |