Re: Preventing non-superusers from altering session authorization
Joseph Koshakow <koshy44@gmail.com>
From: Joseph Koshakow <koshy44@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2023-07-08T23:08:35Z
Lists: pgsql-hackers
Attachments
- v3-0001-Prevent-non-superusers-from-altering-session-auth.patch (text/x-patch) patch v3-0001
On Sat, Jul 8, 2023 at 6:09 PM Nathan Bossart <nathandbossart@gmail.com> wrote: >> I think the issue here is that if a session loses the ability to set >> their session authorization in the middle of a transaction, then >> rolling back the transaction may fail and cause the server to panic. >> That's probably what the deleted comment mean when it said: >> >>> * It's OK because the check does not require catalog access and can't >>> * fail during an end-of-transaction GUC reversion > > Yeah. IIUC the ERROR longjmps to a block that calls AbortTransaction(), > which ERRORs again when resetting the session authorization, which causes > us to call AbortTransaction() again, etc., etc. Everything seems to work fine if the privilege check is moved to check_session_authorization. Which is maybe what the comment meant instead of assign_session_authorization. I've attached a patch with this change. Thanks, Joe Koshakow
Commits
-
Fix privilege check for SET SESSION AUTHORIZATION.
- a0363ab7aafd 17.0 landed
-
Move privilege check for SET SESSION AUTHORIZATION.
- 9987a7bf3406 17.0 landed
-
Rename session_auth_is_superuser to current_role_is_superuser.
- 0fef87753828 17.0 landed