Re: BUG #13649: system catalog pg_authid doesn't update automatically

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: 450019844(at)qq(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #13649: system catalog pg_authid doesn't update automatically
Date: 2015-09-29 13:13:46
Message-ID: 29889.1443532426@sss.pgh.pa.us
Lists: pgsql-bugs

450019844(at)qq(dot)com writes:
> step1: revoke "postgres" database user's superuser privilege.

That's not particularly a supported operation...

> step2: execute query "select relacl from pg_class where relname='pg_authid';"
> the query result is "{postgres=arwdDxt/postgres}"
> here it says "postgres" database user still has the update privilege, but in
> fact it can't.

There's an additional security filter, independent of granted privileges,
that says that only superusers can directly update system catalogs.

regards, tom lane
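
The following audit query is an added example, not part of the original message. It goes beyond the single pg_authid case in the thread and lists, for every pg_catalog table, the write privileges recorded in relacl next to what the server's privilege check reports for that grantee. It assumes has_table_privilege() applies the same superuser-only filter as a direct catalog update does, and needs PostgreSQL 9.3 or later for LATERAL.

```sql
-- Added example: stored ACL versus effective write access on system catalogs.
-- Rows with blocked_by_filter = true are the situation from the bug report:
-- relacl grants the privilege, but the grantee is not a superuser, so a
-- direct write to the catalog is refused.
SELECT c.relname            AS catalog_table,
       r.rolname            AS grantee,
       r.rolsuper           AS is_superuser,
       a.privilege_type     AS granted_in_relacl,
       has_table_privilege(r.oid, c.oid, a.privilege_type)
                            AS effective,
       NOT has_table_privilege(r.oid, c.oid, a.privilege_type)
                            AS blocked_by_filter
FROM pg_class AS c
JOIN pg_namespace AS n
  ON n.oid = c.relnamespace
-- Expand each aclitem in relacl into (grantor, grantee, privilege_type, ...).
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
-- Joining on pg_roles drops grants to PUBLIC (grantee OID 0).
JOIN pg_roles AS r
  ON r.oid = a.grantee
WHERE n.nspname = 'pg_catalog'
  AND c.relkind = 'r'                       -- ordinary tables only
  AND a.privilege_type IN ('INSERT', 'UPDATE', 'DELETE', 'TRUNCATE')
ORDER BY blocked_by_filter DESC, c.relname, r.rolname, a.privilege_type;
```

Reading relacl alone overstates what a non-superuser owner or grantee can do to a catalog; the effective column is the one to rely on when reviewing role privileges.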
