Re: Preventing non-superusers from altering session authorization - Mailing list pgsql-hackers

From Nathan Bossart
Subject Re: Preventing non-superusers from altering session authorization
Msg-id 20230623175416.GA1268820@nathanxps13
In response to Re: Preventing non-superusers from altering session authorization  (Joseph Koshakow <koshy44@gmail.com>)
Responses Re: Preventing non-superusers from altering session authorization
List pgsql-hackers
On Thu, Jun 22, 2023 at 06:39:45PM -0400, Joseph Koshakow wrote:
> On Wed, Jun 21, 2023 at 11:48 PM Nathan Bossart <nathandbossart@gmail.com>
> wrote:
>> I see that RESET SESSION AUTHORIZATION
>> with a concurrently dropped role will FATAL with your patch but succeed
>> without it, which could be part of the reason.
> 
> That might be a good change? If the original authenticated role ID no
> longer exists then we may want to return an error when trying to set
> your session authorization to that role.

I was curious why we don't block DROP ROLE if there are active sessions for
the role or terminate any such sessions as part of the command, and I found
this discussion from 2016:

    https://postgr.es/m/flat/56E87CD8.60007%40ohmu.fi

-- 
Nathan Bossart
Amazon Web Services: https://aws.amazon.com


