Re: Special role for subscriptions

Hi!
> - If the user's permissions are later revoked, the subscription is unaffected.
Now it work the same, if we revoke superuser, subscription is unaffected and replication still work

Don't check grants in target database is very dangerous, i create publication with system tables(it's not difficult)

select * from pg_publication_tables ;
 pubname | schemaname |     tablename
---------+------------+--------------------
 pub     | pg_catalog | pg_authid
(1 row)

After that i create subscription, in log i see that
2019-03-21 11:19:50.863 MSK [58599] LOG:  logical replication table synchronization worker for subscription
"sub_nosuper",table "pg_authid" has started
 
2019-03-21 11:19:51.039 MSK [58599] ERROR:  null value in column "oid" violates not-null constraint
2019-03-21 11:19:51.039 MSK [58599] DETAIL:  Failing row contains (null, pg_monitor, f, t, f, f, f, f, f, -1, null,
null).
2019-03-21 11:19:51.039 MSK [58599] CONTEXT:  COPY pg_authid, line 1: "pg_monitor   f   t   f   f   f   f   f   -1  \N
\N"

I think it's no problem use it to attack target server after some hack on publication side.

-------- 
Efimkin Evgeny