Re: ALTER ROLE/DATABASE RESET ALL versus security

Bernd Helmle <mailings@oopsware.de>

From: Bernd Helmle <mailings@oopsware.de>
To: Tom Lane <tgl@sss.pgh.pa.us>, Alvaro Herrera <alvherre@commandprompt.com>
Cc: pgsql-hackers@postgreSQL.org
Date: 2009-11-14T02:01:43Z
Lists: pgsql-hackers

--On 13. November 2009 19:08:22 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote:

> It looks to me like the code in AlterSetting() will allow an ordinary
> user to blow away all settings for himself.  Even those that are for
> SUSET variables and were presumably set for him by a superuser.  Isn't
> this a security hole?  I would expect that an unprivileged user should
> not be able to change such settings, not even to the extent of
> reverting to the installation-wide default.

I agree. A quick check shows that resetting or changing a single parameter 
is not allowed, so this seems inconsistent anyways. Maybe AlterSetting() 
should be more strict and pick only those settings, which are safe for 
ordinary users to reset?

-- 
Thanks

	Bernd