| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Wolfgang Walther <walther(at)technowledgy(dot)de> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: User with BYPASSRLS privilege can't change password |
| Date: | 2020-11-03 18:51:52 |
| Message-ID: | 961302.1604429512@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Wolfgang Walther <walther(at)technowledgy(dot)de> writes:
> Tom Lane:
>> so AFAICS it's impossible to get there. If it isn't impossible,
>> we have a much bigger hole with respect to issuper.
> Yes, you're right. I read the || as &&. And also missed the ! in else if
> (!have_createrole_privilege()) btw. :)
Actually the right way to deal with this potential confusion is to
add a comment, as below. I fixed the docs too.
> I guess the error message "must be superuser to alter replication users"
> led me on the wrong path. I would be more precise as "must be superuser
> to alter replication users or change replication attribute" to cover the
> change-non-replication-to-replication user case, I think. The same thing
> for superusers.
I'd be okay with changing the error text in HEAD, but less so in the back
branches, since that'd cause thrashing of translatable strings.
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| fix-bypassrls-privilege-check-2.patch | text/x-diff | 2.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2020-11-03 18:58:39 | Re: User with BYPASSRLS privilege can't change password |
| Previous Message | Tom Lane | 2020-11-03 18:48:12 | Re: segfault with incremental sort |