Re: ALTER ROLE/DATABASE RESET ALL versus security
Bernd Helmle <mailings@oopsware.de>
From: Bernd Helmle <mailings@oopsware.de>
To: Tom Lane <tgl@sss.pgh.pa.us>, Alvaro Herrera <alvherre@commandprompt.com>
Cc: pgsql-hackers@postgreSQL.org
Date: 2009-11-14T02:01:43Z
Lists: pgsql-hackers
--On 13. November 2009 19:08:22 -0500 Tom Lane <tgl@sss.pgh.pa.us> wrote: > It looks to me like the code in AlterSetting() will allow an ordinary > user to blow away all settings for himself. Even those that are for > SUSET variables and were presumably set for him by a superuser. Isn't > this a security hole? I would expect that an unprivileged user should > not be able to change such settings, not even to the extent of > reverting to the installation-wide default. I agree. A quick check shows that resetting or changing a single parameter is not allowed, so this seems inconsistent anyways. Maybe AlterSetting() should be more strict and pick only those settings, which are safe for ordinary users to reset? -- Thanks Bernd