Skip to content

Commit e530be2

Browse files
robertmhaasrobertmhaas
committed
Do not allow removal of superuser privileges from bootstrap user.
A bootstrap user who is not a superuser will still own many important system objects, such as the pg_catalog schema, that will likely allow that user to regain superuser status. Therefore, allowing the superuser property to be removed from the superuser creates a false perception of security where none exists. Although removing superuser from the bootstrap user is also a bad idea and should be considered unsupported in all released versions, no back-patch, as this is a behavior change. Discussion: http://postgr.es/m/CA+TgmoZirCwArJms_fgvLBFrC6b=HdxmG7iAhv+kt_=NBA7tEw@mail.gmail.com
1 parent f929441 commit e530be2

File tree

1 file changed

+8
-1
lines changed

1 file changed

+8
-1
lines changed

src/backend/commands/user.c

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -693,7 +693,14 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
693693
*/
694694
if (dissuper)
695695
{
696-
new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(boolVal(dissuper->arg));
696+
bool should_be_super = BoolGetDatum(boolVal(dissuper->arg));
697+
698+
if (!should_be_super && roleid == BOOTSTRAP_SUPERUSERID)
699+
ereport(ERROR,
700+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
701+
errmsg("permission denied: bootstrap user must be superuser")));
702+
703+
new_record[Anum_pg_authid_rolsuper - 1] = should_be_super;
697704
new_record_repl[Anum_pg_authid_rolsuper - 1] = true;
698705
}
699706

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy