Home > mailing lists

Re: User with BYPASSRLS privilege can't change password - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: User with BYPASSRLS privilege can't change password
Date	November 3, 2020 21:17:23
Msg-id	958390.1604427443@sss.pgh.pa.us Whole thread Raw
In response to	User with BYPASSRLS privilege can't change password (Wolfgang Walther <walther@technowledgy.de>)
List	pgsql-bugs

Tree view

Stephen Frost <sfrost@snowman.net> writes:
>> @@ -739,7 +741,6 @@ AlterRole(AlterRoleStmt *stmt)
>>             createrole < 0 &&
>>             createdb < 0 &&
>>             canlogin < 0 &&
>> -             isreplication < 0 &&
>>             !dconnlimit &&
>>             !rolemembers &&
>>             !validUntil &&

> This seems like an independent change..?  Not saying it's wrong though.

That test is redundant, since we wouldn't be in this path at all if
isreplication >= 0.  You could alternatively argue that this should
redundantly test all three of issuper, isreplication, and bypassrls;
but testing just one of them is confusing and hence bug-prone.

            regards, tom lane

pgsql-bugs by date:

From: Wolfgang Walther
Date: 03 November 2020, 21:05:32
Subject: Re: User with BYPASSRLS privilege can't change password

From: Tom Lane
Date: 03 November 2020, 21:19:01
Subject: Re: User with BYPASSRLS privilege can't change password

Re: User with BYPASSRLS privilege can't change password - Mailing list pgsql-bugs

Previous

Next