Skip to content

Commit

Permalink
fix: don't allow alter role nosuperuser
Browse files Browse the repository at this point in the history
  • Loading branch information
@soedirgo
soedirgo committed May 31, 2024
1 parent 40daf95 commit 6d2c6e0
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/supautils.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -333,7 +333,7 @@ supautils_hook(PROCESS_UTILITY_PARAMS)
foreach(option_cell, stmt->options)
{
DefElem *defel = (DefElem *) lfirst(option_cell);
if (strcmp(defel->defname, "superuser") == 0 && defGetBoolean(defel)) {
if (strcmp(defel->defname, "superuser") == 0) {
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("permission denied to alter role"),
Expand Down
2 changes: 2 additions & 0 deletions test/expected/privileged_role.out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -187,6 +187,8 @@ ERROR: permission denied to create role
DETAIL: Only roles with the SUPERUSER attribute may create roles with the SUPERUSER attribute.
create role r;
alter role r nosuperuser;
ERROR: permission denied to alter role
DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
alter role r superuser;
ERROR: permission denied to alter role
DETAIL: Only roles with the SUPERUSER attribute may alter roles with the SUPERUSER attribute.
Expand Down

0 comments on commit 6d2c6e0

Please sign in to comment.