Thread: pgsql: Enforce superuser permissions checks during ALTER ROLE/DATABASE
pgsql: Enforce superuser permissions checks during ALTER ROLE/DATABASE
From
tgl@postgresql.org (Tom Lane)
Date:
Log Message:
-----------
Enforce superuser permissions checks during ALTER ROLE/DATABASE SET, rather
than during define_custom_variable(). This entails rejecting an ALTER
command if the target variable doesn't have a known (non-placeholder)
definition, unless the calling user is superuser. When the variable *is*
known, we can correctly apply the rule that only superusers can issue ALTER
for SUSET parameters. This allows define_custom_variable to apply ALTER's
values for SUSET parameters at module load time, secure in the knowledge
that only a superuser could have set the ALTER value. This change fixes a
longstanding gotcha in the usage of SUSET-level custom parameters; which
is a good thing to fix now that plpgsql defines such a parameter.
Modified Files:
--------------
pgsql/doc/src/sgml/ref:
alter_role.sgml (r1.16 -> r1.17)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/alter_role.sgml?r1=1.16&r2=1.17)
pgsql/src/backend/utils/misc:
guc.c (r1.549 -> r1.550)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c?r1=1.549&r2=1.550)