Re: RFC: Non-user-resettable SET SESSION AUTHORISATION - Mailing list pgsql-hackers

From José Luis Tallón
Subject Re: RFC: Non-user-resettable SET SESSION AUTHORISATION
Date
Msg-id 5558ECA3.1030605@adv-solutions.net
In response to Re: RFC: Non-user-resettable SET SESSION AUTHORISATION  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: RFC: Non-user-resettable SET SESSION AUTHORISATION  (Bruce Momjian <bruce@momjian.us>)
List pgsql-hackers
On 05/17/2015 07:39 PM, Tom Lane wrote:
> José Luis Tallón <jltallon@adv-solutions.net> writes:
>> On the other hand, ISTM that what we all intend to achieve is some
>> Postgres equivalent of the SUID bit... so why not just do something
>> equivalent?
>> -------
>>       LOGIN    -- as user with the appropriate role membership / privilege?
>>       ...
>>       SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
>>       ... do whatever ...    -- unprivileged user can NOT do the
>> "impersonate" thing
>>       DISCARD ALL    -- implicitly restore previous authz
>> -------
> Oh?  What stops the unprivileged user from doing DISCARD ALL?

Indeed. The pooler would need to block this.
Or we would need to invent another (this time, privileged) verb in order 
to restore authz.

> I think if we have something like this, it has to be non-resettable
> period: you can't get back the old session ID except by reconnecting
> and re-authorizing.  Otherwise there's just too much risk of security
> holes.

Yes.
Thank you for your feedback, Tom.

    / J.L.
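The objection above, as an added SQL example that is not part of the thread. It assumes a PostgreSQL server with two constructed roles, pooler (a superuser, standing in for the connection pooler) and app_user (the unprivileged client identity); neither name comes from the original messages. Everything after the "pooler side" block is what an unprivileged client could type into the same connection once it has been handed over.

```sql
-- Constructed setup, run once as a superuser. Role names are assumptions.
CREATE ROLE app_user LOGIN;
CREATE ROLE pooler   LOGIN SUPERUSER;

-- Pooler side: the pooler authenticated as "pooler" and now drops to the
-- client's identity before handing the connection over. This is the
-- "IMPERSONATE" step of the proposal, done with today's verbs.
SET SESSION AUTHORIZATION app_user;
-- Both identities now read app_user:
SELECT session_user, current_user;

-- Client side, same connection. Neither statement needs any privilege:
-- RESET SESSION AUTHORIZATION is always accepted because it names the
-- originally authenticated user, and that user is the superuser "pooler".
RESET SESSION AUTHORIZATION;

-- Equivalent escape via the "implicit restore" verb from the proposal.
-- DISCARD ALL includes SET SESSION AUTHORIZATION DEFAULT and RESET ALL
-- (it is refused only inside a transaction block, which the client
-- controls anyway).
DISCARD ALL;

-- The same hole exists with SET ROLE: membership is checked on the way
-- down, nothing is checked on the way back up.
SET ROLE app_user;
RESET ROLE;              -- or: SET ROLE NONE

-- Check what the connection is now running as.
SELECT session_user,
       current_user,
       (SELECT rolsuper FROM pg_roles WHERE rolname = session_user) AS superuser;
```

After either RESET, the final query reports the pooler's own login with rolsuper true, which is exactly the state the impersonation was supposed to hide from the client. Filtering the RESET and DISCARD keywords in the pooler, as the reply suggests, is the only option with the existing verbs; the thread's conclusion is that a real fix has to be a switch the session cannot undo without reconnecting and re-authenticating.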