Disallow SET SESSION AUTHORIZATION pg_*

As part of reserving the pg_* namespace for default roles and in line with SET ROLE and other previous efforts, disallow settings the role to a default/reserved role using SET SESSION AUTHORIZATION. These checks and restrictions on what is allowed regarding default / reserved roles are under debate, but it seems prudent to ensure that the existing checks at least cover the intended cases while the debate rages on. On me to clean it up if the consensus decision is to remove these checks.

Disallow SET SESSION AUTHORIZATION pg_*
As part of reserving the pg_* namespace for default roles and in line with SET ROLE and other previous efforts, disallow settings the role to a default/reserved role using SET SESSION AUTHORIZATION. These checks and restrictions on what is allowed regarding default / reserved roles are under debate, but it seems prudent to ensure that the existing checks at least cover the intended cases while the debate rages on. On me to clean it up if the consensus decision is to remove these checks.
bfed4ab8 · Stephen Frost · be65eddd · bfed4ab8
Commit bfed4ab8 authored Apr 13, 2016 by Stephen Frost
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/backend/commands/variable.c src/backend/commands/variable.c +4 -0

No files found.
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -794,6 +794,10 @@ check_session_authorization(char **newval, void **extra, GucSource source)
 		return false;
 	}

+	/* Do not allow setting role to a reserved role. */
+	if (strncmp(*newval, "pg_", 3) == 0)
+		return false;
+
 	/* Look up the username */
 	roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
 	if (!HeapTupleIsValid(roleTup))