| From: | Robert Haas <rhaas(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Do not allow removal of superuser privileges from bootstrap user |
| Date: | 2022-07-26 18:39:39 |
| Message-ID: | E1oGPT0-001NM8-LH@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Do not allow removal of superuser privileges from bootstrap user.
A bootstrap user who is not a superuser will still own many
important system objects, such as the pg_catalog schema, that
will likely allow that user to regain superuser status. Therefore,
allowing the superuser property to be removed from the superuser
creates a false perception of security where none exists.
Although removing superuser from the bootstrap user is also a bad idea
and should be considered unsupported in all released versions, no
back-patch, as this is a behavior change.
Discussion: http://postgr.es/m/CA+TgmoZirCwArJms_fgvLBFrC6b=HdxmG7iAhv+kt_=NBA7tEw@mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e530be2c5ce77475d56ccf8f4e0c4872b666ad5f
Modified Files
--------------
src/backend/commands/user.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2022-07-26 19:10:22 | pgsql: Remove the restriction that the relmap must be 512 bytes. |
| Previous Message | Tom Lane | 2022-07-26 18:30:30 | Re: Unstable tests for recovery conflict handling |