| From: | Wolfgang Walther <walther(at)technowledgy(dot)de> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: User with BYPASSRLS privilege can't change password |
| Date: | 2020-11-03 18:26:13 |
| Message-ID: | be39bd26-4024-0bf5-eb28-31984a887265@technowledgy.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Tom Lane:
> How do you figure that? This is in an "else" path after
>
> else if (authform->rolreplication || isreplication >= 0)
>
> so AFAICS it's impossible to get there. If it isn't impossible,
> we have a much bigger hole with respect to issuper.
Yes, you're right. I read the || as &&. And also missed the ! in else if
(!have_createrole_privilege()) btw. :)
I guess the error message "must be superuser to alter replication users"
led me on the wrong path. I would be more precise as "must be superuser
to alter replication users or change replication attribute" to cover the
change-non-replication-to-replication user case, I think. The same thing
for superusers.
Best
Wolfgang
| From | Date | Subject | |
|---|---|---|---|
| Next Message | James Coleman | 2020-11-03 18:35:30 | Re: segfault with incremental sort |
| Previous Message | Tom Lane | 2020-11-03 18:19:01 | Re: User with BYPASSRLS privilege can't change password |