authorStephen Frost2016-04-14 01:31:24 +0000
committerStephen Frost2016-04-14 01:31:24 +0000
commitbfed4ab824789fd7c000286650d4498dccb05634 (patch)
treef9b820970942fc064f507a6b7b153c91cb014d36
parentbe65eddd80093a923b091dc60776aa6f966d1f07 (diff)
Disallow SET SESSION AUTHORIZATION pg_*
As part of reserving the pg_* namespace for default roles and in line with SET ROLE and other previous efforts, disallow setting the role to a default/reserved role using SET SESSION AUTHORIZATION. These checks and restrictions on what is allowed regarding default / reserved roles are under debate, but it seems prudent to ensure that the existing checks at least cover the intended cases while the debate rages on. On me to clean it up if the consensus decision is to remove these checks.
-rw-r--r--src/backend/commands/variable.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index 57da0149d9..05e59a6e09 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -794,6 +794,10 @@ check_session_authorization(char **newval, void **extra, GucSource source)
return false;
}
+ /* Do not allow setting role to a reserved role. */
+ if (strncmp(*newval, "pg_", 3) == 0)
+ return false;
+
/* Look up the username */
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(*newval));
if (!HeapTupleIsValid(roleTup))
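Review bot: The new reserved-name rejection returns `false` without setting a check-hook message, so the caller only gets the generic invalid-value error and the server log cannot distinguish an attempt to assume a `pg_*` role from a mistyped name. Setting the reason before the return would fix both, e.g. `GUC_check_errcode(ERRCODE_RESERVED_NAME);` and `GUC_check_errmsg("role name \"%s\" is reserved", *newval);` inside a braced block ahead of `return false;`. The added comment says "setting role" although this hook guards session authorization; `/* Do not allow setting session authorization to a reserved (pg_*) role. */` would match the function. The open-coded `strncmp(*newval, "pg_", 3)` could presumably use the backend's `IsReservedName()` helper so the prefix rule lives in one place, if its header is acceptable to include here. The body of check_session_authorization starts and ends outside this hunk, so any earlier NULL handling of `*newval` is not visible.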