Re: CREATE ROLE IF NOT EXISTS - Mailing list pgsql-hackers

From Daniel Gustafsson
Subject Re: CREATE ROLE IF NOT EXISTS
Date
Msg-id 475A5F55-21CA-4FEB-A875-394FF841C4A4@yesql.se
Whole thread Raw
In response to Re: CREATE ROLE IF NOT EXISTS  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: CREATE ROLE IF NOT EXISTS
List pgsql-hackers
> On 3 Nov 2021, at 23:18, Tom Lane <tgl@sss.pgh.pa.us> wrote:

> I'm generally pretty down on IF NOT EXISTS semantics in all cases,
> but it seems particularly dangerous for something as fundamental
> to privilege checks as a role.  It's not hard at all to conjure up
> scenarios in which this permits privilege escalation.  That is,
> Alice wants to create role Bob and give it some privileges, but
> she's lazy and writes a quick-and-dirty script using CREATE ROLE
> IF NOT EXISTS.  Meanwhile Charlie sneaks in and creates Bob first,
> and then grants it to himself.  Now Alice's script is giving away
> all sorts of privilege to Charlie.  (Admittedly, Charlie must have
> CREATEROLE privilege already, but that doesn't mean he has every
> privilege that Alice has --- especially not as we continue working
> to slice the superuser salami ever more finely.)

I agree with this take, I don't think the convenience outweighs the risk in
this case.

--
Daniel Gustafsson        https://vmware.com/




pgsql-hackers by date:

Previous
From: Andreas Seltenreich
Date:
Subject: [sqlsmith] Failed assertion in brin_minmax_multi_distance_float4 on REL_14_STABLE
Next
From: Amit Kapila
Date:
Subject: Re: Logical insert/update/delete WAL records for custom table AMs