Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather

Tom Lane <tgl@sss.pgh.pa.us>

Commit: a6dcd19a2a5064d753c1d5aa756a2d50cf05842d
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2010-04-21T20:54:19Z
Releases: 9.0.0
Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
than during define_custom_variable().  This entails rejecting an ALTER
command if the target variable doesn't have a known (non-placeholder)
definition, unless the calling user is superuser.  When the variable *is*
known, we can correctly apply the rule that only superusers can issue ALTER
for SUSET parameters.  This allows define_custom_variable to apply ALTER's
values for SUSET parameters at module load time, secure in the knowledge
that only a superuser could have set the ALTER value.  This change fixes a
longstanding gotcha in the usage of SUSET-level custom parameters; which
is a good thing to fix now that plpgsql defines such a parameter.

Files

PathChange+/−
doc/src/sgml/ref/alter_role.sgml modified +27 −22
src/backend/utils/misc/guc.c modified +131 −42