On Wed, Jul 12, 2023 at 09:37:57PM -0700, Nathan Bossart wrote: > On Mon, Jul 10, 2023 at 01:49:55PM -0700, Nathan Bossart wrote: >> Great. I'm going to wait a few more days in case anyone has additional >> feedback, but otherwise I intend to commit this shortly. > > I've committed 0001 for now. I'm hoping to commit the other two patches > within the next couple of days.
Committed. I dwelled on whether to proceed with this change because it doesn't completely solve the originally-stated problem; i.e., a role that has changed its session authorization before losing superuser can still take advantage of the privileges of the target role, which might include reaquiring superuser. However, I think SET ROLE is subject to basically the same problem, and I'd argue that this change is strictly an improvement, if for no other reason than it makes SET SESSION AUTHORIZATION more consistent with SET ROLE. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
