Thread: BUG #13649: system catalog pg_authid doesn't update automatically

BUG #13649: system catalog pg_authid doesn't update automatically

From

450019844@qq.com

Date:

29 September 2015, 08:37:41

The following bug has been logged on the website:

Bug reference:      13649
Logged by:          aaron chan
Email address:      450019844@qq.com
PostgreSQL version: 9.5alpha2
Operating system:   CentOS release 6.4 (Final)
Description:

step1:revoke "postgres" database user's superuser privilege.
step2:excute query "select relacl from pg_class where relname='pg_authid';"

the query result is "{postgres=arwdDxt/postgres}"

here it says "postgres" database user still has the update privilege ,but in
fact it can't.

Re: BUG #13649: system catalog pg_authid doesn't update automatically

From

Tom Lane

Date:

29 September 2015, 16:13:58

450019844@qq.com writes:
> step1:revoke "postgres" database user's superuser privilege.

That's not particularly a supported operation...

> step2:excute query "select relacl from pg_class where relname='pg_authid';"
> the query result is "{postgres=arwdDxt/postgres}"
> here it says "postgres" database user still has the update privilege ,but in
> fact it can't.

There's an additional security filter, independent of granted privileges,
that says that only superusers can directly update system catalogs.

            regards, tom lane