Re: ALTER ROLE/DATABASE RESET ALL versus security

Alvaro Herrera <alvherre@commandprompt.com>

From: Alvaro Herrera <alvherre@commandprompt.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@postgreSQL.org
Date: 2009-11-15T19:34:06Z
Lists: pgsql-hackers
Tom Lane wrote:
> It looks to me like the code in AlterSetting() will allow an ordinary
> user to blow away all settings for himself.  Even those that are for
> SUSET variables and were presumably set for him by a superuser.  Isn't
> this a security hole?  I would expect that an unprivileged user should
> not be able to change such settings, not even to the extent of
> reverting to the installation-wide default.

Yes, I completely overlooked the fact that users should not be able to
blow away GUCs set by superuser.  I can't handle this right now though,
as I'm leaving in a couple of days and won't return until cca. Dec. 1st.
If this can wait (and I think it does) then I'll handle it then;
otherwise I'd appreciate if someone else could take a look and fix it.

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.