Re: ALTER ROLE/DATABASE RESET ALL versus security

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Alvaro Herrera <alvherre@commandprompt.com>
Cc: Bruce Momjian <bruce@momjian.us>, pgsql-hackers@postgresql.org
Date: 2010-03-18T15:59:47Z
Lists: pgsql-hackers
Alvaro Herrera <alvherre@commandprompt.com> writes:
> I have come up with the attached patch.  I haven't tested it fully yet,
> and I need to backport it.  The gist of it is: we can't simply remove
> the pg_db_role_setting tuple, we need to ask GUC to reset the settings
> array, for which it checks superuser-ness on each setting.

I think you still want to have a code path whereby the tuple will be
deleted once the array is empty.  Failing to check that is inefficient
and also exposes clients such as pg_dump to corner case bugs.

			regards, tom lane