On Sun, May 17, 2015 at 09:31:47PM +0200, José Luis Tallón wrote:
> On 05/17/2015 07:39 PM, Tom Lane wrote:
> >José Luis Tallón <jltallon@adv-solutions.net> writes:
> >>On the other hand, ISTM that what we all intend to achieve is some
> >>Postgres equivalent of the SUID bit... so why not just do something
> >>equivalent?
> >>-------
> >> LOGIN -- as user with the appropriate role membership / privilege?
> >> ...
> >> SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
> >> ... do whatever ... -- unprivileged user can NOT do the
> >>"impersonate" thing
> >> DISCARD ALL -- implicitly restore previous authz
> >>-------
> >Oh? What stops the unprivileged user from doing DISCARD ALL?
>
> Indeed. The pooler would need to block this.
> Or we would need to invent another (this time, privileged) verb in
> order to restore authz.
What if you put the SQL in a function then call the function? I don't
see how the pooler could block this.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ Everyone has their own god. +
