Home > mailing lists

Re: User with BYPASSRLS privilege can't change password - Mailing list pgsql-bugs

From	Wolfgang Walther
Subject	Re: User with BYPASSRLS privilege can't change password
Date	November 3, 2020 21:26:13
Msg-id	be39bd26-4024-0bf5-eb28-31984a887265@technowledgy.de Whole thread Raw
In response to	Re: User with BYPASSRLS privilege can't change password (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: User with BYPASSRLS privilege can't change password
List	pgsql-bugs

Tree view

Tom Lane:
> How do you figure that?  This is in an "else" path after
> 
>     else if (authform->rolreplication || isreplication >= 0)
> 
> so AFAICS it's impossible to get there.  If it isn't impossible,
> we have a much bigger hole with respect to issuper.

Yes, you're right. I read the || as &&. And also missed the ! in else if 
(!have_createrole_privilege()) btw. :)

I guess the error message "must be superuser to alter replication users" 
led me on the wrong path. I would be more precise as "must be superuser 
to alter replication users or change replication attribute" to cover the 
change-non-replication-to-replication user case, I think. The same thing 
for superusers.

Best

Wolfgang

pgsql-bugs by date:

From: Tom Lane
Date: 03 November 2020, 21:19:01
Subject: Re: User with BYPASSRLS privilege can't change password

From: James Coleman
Date: 03 November 2020, 21:35:30
Subject: Re: segfault with incremental sort

Re: User with BYPASSRLS privilege can't change password - Mailing list pgsql-bugs

Previous

Next