Home > mailing lists

Re: Preventing non-superusers from altering session authorization - Mailing list pgsql-hackers

From	Nathan Bossart
Subject	Re: Preventing non-superusers from altering session authorization
Date	June 22, 2023 06:48:18
Msg-id	20230622034818.GA1077640@nathanxps13 Whole thread Raw
In response to	Preventing non-superusers from altering session authorization (Joseph Koshakow <koshy44@gmail.com>)
Responses	Re: Preventing non-superusers from altering session authorization
List	pgsql-hackers

Tree view

On Wed, Jun 21, 2023 at 04:28:43PM -0400, Joseph Koshakow wrote:
> +    roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
> +    if (!HeapTupleIsValid(roleTup))
> +        ereport(FATAL,
> +                (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
> +                        errmsg("role with OID %u does not exist", AuthenticatedUserId)));
> +    rform = (Form_pg_authid) GETSTRUCT(roleTup);

I think "superuser_arg(AuthenticatedUserId)" would work here.

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com

pgsql-hackers by date:

From: Amit Kapila
Date: 22 June 2023, 06:46:40
Subject: Re: Assert while autovacuum was executing

From: shveta malik
Date: 22 June 2023, 07:09:30
Subject: Re: Support logical replication of DDLs

Re: Preventing non-superusers from altering session authorization - Mailing list pgsql-hackers

Previous

Next