Re: Preventing non-superusers from altering session authorization
Joseph Koshakow <koshy44@gmail.com>
From: Joseph Koshakow <koshy44@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-06-22T22:39:45Z
Lists: pgsql-hackers
Attachments
- v2-0001-Prevent-non-superusers-from-altering-session-auth.patch (text/x-patch) patch v2-0001
On Wed, Jun 21, 2023 at 11:48 PM Nathan Bossart <nathandbossart@gmail.com>
wrote:
>
> On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> > + roleTup = SearchSysCache1(AUTHOID,
ObjectIdGetDatum(AuthenticatedUserId));
> > + if (!HeapTupleIsValid(roleTup))
> > + ereport(FATAL,
> > +
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> > + errmsg("role with OID
%u does not exist", AuthenticatedUserId)));
> > + rform = (Form_pg_authid) GETSTRUCT(roleTup);
>
> I think "superuser_arg(AuthenticatedUserId)" would work here.
Yep, that worked. I've attached a patch with this change.
> I see that RESET SESSION AUTHORIZATION
> with a concurrently dropped role will FATAL with your patch but succeed
> without it, which could be part of the reason.
That might be a good change? If the original authenticated role ID no
longer exists then we may want to return an error when trying to set
your session authorization to that role.
Thanks,
Joe Koshakow
Commits
-
Fix privilege check for SET SESSION AUTHORIZATION.
- a0363ab7aafd 17.0 landed
-
Move privilege check for SET SESSION AUTHORIZATION.
- 9987a7bf3406 17.0 landed
-
Rename session_auth_is_superuser to current_role_is_superuser.
- 0fef87753828 17.0 landed