Re: bug in permission handling?

On Mon, 14 Jan 2002, Tom Lane wrote:

> Martin Renters <martin@datafax.com> writes:
> > Should the permissions of a deleted user get assigned to a new user
> > as in the example below?
> 
> That can happen, since the default "usesysid" assignment is "max
> existing usesysid + 1".  If you delete the last user then their sysid
> becomes a candidate for reassignment.  This is not real good, but fixing
> it isn't that high on the priority list (and is difficult to do unless
> we take away the option of hand-assigned sysids ... otherwise we could
> just have a sequence generator for sysids).

Another slight bug with CreateUser() -- there does not appear to be any
checking for potential overflow of sysid. The function scans pg_shadow to
find the largest usrsysid. Once obtained:
   /* If no sysid given, use max existing id + 1 */   if (!havesysid)       sysid = max_id + 1;

Gavin