Re: BUG #17062: Assert failed in RemoveRoleFromObjectPolicy() on DROP OWNED policy applied to duplicate role

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Stephen Frost <sfrost@snowman.net>, Michael Paquier <michael@paquier.xyz>, exclusion@gmail.com, pgsql-bugs@lists.postgresql.org
Date: 2021-06-18T20:00:02Z
Lists: pgsql-bugs
Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
> Could you just set the policy to be granted to "only the bootstrap
> superuser" in that case?  I mean as an implementation path for back
> branches; use NONE going forward.  That would make the policy allow
> nobody who can't already access the record, instead of falling back to
> PUBLIC -- which I agree seems suboptimal security-wise.

That doesn't seem like a great solution --- it would produce very
confusing output from pg_dump for instance.  In fact, I think it
breaks pg_dump for cases where the target DB has a different
bootstrap superuser name.

			regards, tom lane



Commits

  1. Remove unnecessary failure cases in RemoveRoleFromObjectPolicy().

  2. Fix misbehavior of DROP OWNED BY with duplicate polroles entries.