Fix bug that allowed any logged-in user to SET ROLE to any other database user

Tom Lane <tgl@sss.pgh.pa.us>

Commit: 20334a9e86bc4d57cd3fe8d2621d8fabb45420ae
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2006-02-12T22:32:57Z
Releases: 8.1.3
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.

Files