Re: BUG #17062: Assert failed in RemoveRoleFromObjectPolicy() on DROP OWNED policy applied to duplicate role
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: Stephen Frost <sfrost@snowman.net>, Michael Paquier <michael@paquier.xyz>,
exclusion@gmail.com, pgsql-bugs@lists.postgresql.org
Date: 2021-06-18T20:00:02Z
Lists: pgsql-bugs
Alvaro Herrera <alvherre@alvh.no-ip.org> writes: > Could you just set the policy to be granted to "only the bootstrap > superuser" in that case? I mean as an implementation path for back > branches; use NONE going forward. That would make the policy allow > nobody who can't already access the record, instead of falling back to > PUBLIC -- which I agree seems suboptimal security-wise. That doesn't seem like a great solution --- it would produce very confusing output from pg_dump for instance. In fact, I think it breaks pg_dump for cases where the target DB has a different bootstrap superuser name. regards, tom lane
Commits
-
Remove unnecessary failure cases in RemoveRoleFromObjectPolicy().
- fea89d64e8e4 11.13 landed
- f851696a21b2 12.8 landed
- f5b780c45ca6 10.18 landed
- ba815f00a0ce 13.4 landed
- 9c7a150aec71 9.6.23 landed
- 5a0f1c8c0193 14.0 landed
-
Fix misbehavior of DROP OWNED BY with duplicate polroles entries.
- ea5ae3ae1ab0 11.13 landed
- d21fca084356 14.0 landed
- c58a41605ffa 12.8 landed
- b7e3a440775b 10.18 landed
- 33af10c598e2 13.4 landed
- 0b29b41e5b96 9.6.23 landed