diff options
| author | Stephen Frost <sfrost@snowman.net> | 2016-04-13 21:31:24 -0400 |
|---|---|---|
| committer | Stephen Frost <sfrost@snowman.net> | 2016-04-13 21:31:24 -0400 |
| commit | bfed4ab824789fd7c000286650d4498dccb05634 (patch) | |
| tree | f9b820970942fc064f507a6b7b153c91cb014d36 /src/backend/commands/variable.c | |
| parent | be65eddd80093a923b091dc60776aa6f966d1f07 (diff) | |
| download | postgresql-bfed4ab824789fd7c000286650d4498dccb05634.tar.gz postgresql-bfed4ab824789fd7c000286650d4498dccb05634.zip | |
Disallow SET SESSION AUTHORIZATION pg_*
As part of reserving the pg_* namespace for default roles and in line
with SET ROLE and other previous efforts, disallow settings the role
to a default/reserved role using SET SESSION AUTHORIZATION.
These checks and restrictions on what is allowed regarding default /
reserved roles are under debate, but it seems prudent to ensure that
the existing checks at least cover the intended cases while the
debate rages on. On me to clean it up if the consensus decision is
to remove these checks.
Diffstat (limited to 'src/backend/commands/variable.c')
| -rw-r--r-- | src/backend/commands/variable.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c index 57da0149d9f..05e59a6e097 100644 --- a/src/backend/commands/variable.c +++ b/src/backend/commands/variable.c @@ -794,6 +794,10 @@ check_session_authorization(char **newval, void **extra, GucSource source) return false; } + /* Do not allow setting role to a reserved role. */ + if (strncmp(*newval, "pg_", 3) == 0) + return false; + /* Look up the username */ roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval)); if (!HeapTupleIsValid(roleTup)) |