Fix bug that allowed any logged-in user to SET ROLE to any other database user

Tom Lane <tgl@sss.pgh.pa.us>

Commit: 226a980bb0dfaaa4cee3650889218483aa9ec632
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2006-02-12T22:32:43Z
Releases: 8.2.0
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.

Files