Re: Preventing non-superusers from altering session authorization

Joseph Koshakow <koshy44@gmail.com>

From: Joseph Koshakow <koshy44@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-07-10T20:46:07Z
Lists: pgsql-hackers
On Mon, Jul 10, 2023 at 4:32 PM Nathan Bossart <nathandbossart@gmail.com>
wrote:
> Okay.  Here's a new patch set in which I believe I've addressed all
> feedback.  I didn't keep the GetAuthenticatedUserIsSuperuser() helper
> function around, as I didn't see a strong need for it.

Thanks, I think the patch set looks good to go!

> And I haven't
> touched the "is_superuser" GUC, either.  I figured we can take up any
> changes for it in the other thread.

Yeah, I think that makes sense.

Thanks,
Joe Koshakow

Commits

  1. Fix privilege check for SET SESSION AUTHORIZATION.

  2. Move privilege check for SET SESSION AUTHORIZATION.

  3. Rename session_auth_is_superuser to current_role_is_superuser.