diff options
| author | Noah Misch <noah@leadboat.com> | 2024-11-15 20:39:56 -0800 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2024-11-15 20:40:00 -0800 |
| commit | c463338656ac47e5210fcf9fbf7d20efccce8de8 (patch) | |
| tree | 1ccb7018523f7ce7227c45b80613d268fb636fed /src/backend/utils/init/miscinit.c | |
| parent | 20a82026828536331ebe912b86f060078a173633 (diff) | |
| download | postgresql-c463338656ac47e5210fcf9fbf7d20efccce8de8.tar.gz postgresql-c463338656ac47e5210fcf9fbf7d20efccce8de8.zip | |
Fix per-session activation of ALTER {ROLE|DATABASE} SET role.
After commit 5a2fed911a85ed6d8a015a6bafe3a0d9a69334ae, the catalog state
resulting from these commands ceased to affect sessions. Restore the
longstanding behavior, which is like beginning the session with a SET
ROLE command. If cherry-picking the CVE-2024-10978 fixes, default to
including this, too. (This fixes an unintended side effect of fixing
CVE-2024-10978.) Back-patch to v12, like that commit. The release team
decided to include v12, despite the original intent to halt v12 commits
earlier this week.
Tom Lane and Noah Misch. Reported by Etienne LAFARGE.
Discussion: https://postgr.es/m/CADOZwSb0UsEr4_UTFXC5k7=fyyK8uKXekucd+-uuGjJsGBfxgw@mail.gmail.com
Diffstat (limited to 'src/backend/utils/init/miscinit.c')
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index b2a33ab3073..b8a67d6e96f 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -686,7 +686,25 @@ InitializeSessionUserId(const char *rolename, Oid roleid) { SetAuthenticatedUserId(roleid, is_superuser); - /* Set SessionUserId and related variables via the GUC mechanisms */ + /* + * Set SessionUserId and related variables, including "role", via the + * GUC mechanisms. + * + * Note: ideally we would use PGC_S_DYNAMIC_DEFAULT here, so that + * session_authorization could subsequently be changed from + * pg_db_role_setting entries. Instead, session_authorization in + * pg_db_role_setting has no effect. Changing that would require + * solving two problems: + * + * 1. If pg_db_role_setting has values for both session_authorization + * and role, we could not be sure which order those would be applied + * in, and it would matter. + * + * 2. Sites may have years-old session_authorization entries. There's + * not been any particular reason to remove them. Ending the dormancy + * of those entries could seriously change application behavior, so + * only a major release should do that. + */ SetConfigOption("session_authorization", rname, PGC_BACKEND, PGC_S_OVERRIDE); } |