Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitbfed4ab

Browse files
committed
Disallow SET SESSION AUTHORIZATION pg_*
As part of reserving the pg_* namespace for default roles and in linewith SET ROLE and other previous efforts, disallow settings the roleto a default/reserved role using SET SESSION AUTHORIZATION.These checks and restrictions on what is allowed regarding default /reserved roles are under debate, but it seems prudent to ensure thatthe existing checks at least cover the intended cases while thedebate rages on. On me to clean it up if the consensus decision isto remove these checks.
1 parentbe65edd commitbfed4ab

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

‎src/backend/commands/variable.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -794,6 +794,10 @@ check_session_authorization(char **newval, void **extra, GucSource source)
794794
return false;
795795
}
796796

797+
/* Do not allow setting role to a reserved role. */
798+
if (strncmp(*newval,"pg_",3)==0)
799+
return false;
800+
797801
/* Look up the username */
798802
roleTup=SearchSysCache1(AUTHNAME,PointerGetDatum(*newval));
799803
if (!HeapTupleIsValid(roleTup))

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp