From 293007898d3fa5a815c1c5814df53627553f114d Mon Sep 17 00:00:00 2001 From: Stephen Frost Date: Fri, 8 Apr 2016 16:56:27 -0400 Subject: Reserve the "pg_" namespace for roles MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will prevent users from creating roles which begin with "pg_" and will check for those roles before allowing an upgrade using pg_upgrade. This will allow for default roles to be provided at initdb time. Reviews by José Luis Tallón and Robert Haas --- src/backend/commands/schemacmds.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/backend/commands/schemacmds.c') diff --git a/src/backend/commands/schemacmds.c b/src/backend/commands/schemacmds.c index a60ceb8eba7..dea3299ced5 100644 --- a/src/backend/commands/schemacmds.c +++ b/src/backend/commands/schemacmds.c @@ -65,6 +65,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt, const char *queryString) else owner_uid = saved_uid; + /* Additional check to protect reserved role names */ + check_rolespec_name(stmt->authrole, + "Cannot specify reserved role as owner."); + /* fill schema name with the user name if not specified */ if (!schemaName) { -- cgit v1.2.3