Re: BUG #15371: a user who not a member of pg_read_server_files rolecan create a new user into pg_read_server_files
| От | David G. Johnston |
|---|---|
| Тема | Re: BUG #15371: a user who not a member of pg_read_server_files rolecan create a new user into pg_read_server_files |
| Дата | |
| Msg-id | CAKFQuwZtXU8QD6kZ4BBNgq0F1xrwq+mrStUkTRt+-W3vSgeuaw@mail.gmail.com обсуждение исходный текст |
| Ответ на | BUG #15371: a user who not a member of pg_read_server_files role cancreate a new user into pg_read_server_files (PG Bug reporting form <noreply@postgresql.org>) |
| Список | pgsql-bugs |
On Saturday, September 8, 2018, PG Bug reporting form <noreply@postgresql.org> wrote:
see the code src/backend/commands/user.c, the check privillige code is :
static void
AddRoleMems(const char *rolename, Oid roleid,
List *memberSpecs, List *memberIds,
Oid grantorId, bool admin_opt)
{
else
{
if (!have_createrole_privilege() &&
!is_admin_of_role(grantorId, roleid))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must have admin option on role \"%s\"",
rolename)));
}
I think the line "if (!have_createrole_privilege() &&
!is_admin_of_role(grantorId, roleid))" should been modifed to "if
(!have_createrole_privilege() || !is_admin_of_role(grantorId, roleid))" .
Security code would ideally be written so not erroring requires an actual matched condition while leaving the default to be an error. So, I think, the && is ok, remove both negations, put a commented no-op there, and move the error to an else block.
Whether that is sufficient for this bug I do not know, but it would be a more secure format.
David J.
В списке pgsql-bugs по дате отправления: