Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNWNt-005GwK-0L for pgsql-general@arkaria.postgresql.org; Mon, 24 Nov 2025 13:13:37 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vNWNq-000vrK-1A for pgsql-general@arkaria.postgresql.org; Mon, 24 Nov 2025 13:13:34 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vNWNq-000vrC-00 for pgsql-general@lists.postgresql.org; Mon, 24 Nov 2025 13:13:34 +0000 Received: from mail-ej1-x62a.google.com ([2a00:1450:4864:20::62a]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1vNWNn-001CzX-2z for pgsql-general@lists.postgresql.org; Mon, 24 Nov 2025 13:13:33 +0000 Received: by mail-ej1-x62a.google.com with SMTP id a640c23a62f3a-b7636c96b9aso572166066b.2 for ; Mon, 24 Nov 2025 05:13:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kleczek.org; s=google; t=1763990011; x=1764594811; darn=lists.postgresql.org; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=U5eRPQe+W+txqVoO6FPYWHWm+VKK8O4TWonQQWPys00=; b=NJRTep5+4NuXR3Qak630fI36I720QneqDCGmZ9v1GvEcBGswfStmHBi6dQLyU8M8tp zaZ6Qr1POMq+LvQhNKdKmDsn3QM7K5za78qFZk1oMc7sWBayrrVAsv2gCo27Y0i1uGtO P2v4e57QXy0AClOx/w56pMSwESpJ8+tAcAB6g= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763990011; x=1764594811; h=to:references:message-id:content-transfer-encoding:cc:date :in-reply-to:from:subject:mime-version:x-gm-gg:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=U5eRPQe+W+txqVoO6FPYWHWm+VKK8O4TWonQQWPys00=; b=fdt0kfd6dq1aSgaYKn0OR9dwxy31uaH2F+utKXCfWtpawTUFEqqyddQsvAZiupA/Gw BkE8Cn21hUGjgck9Jham75np2s2LZCLocAmOUphqjihLxgI9CpEaMzX80DuQhxh8DZnD Xrw/mNbSRgH6utpBlBiOHP9m8vgMwoclfDugliPMHSCO6WPa8J9RpdAyhezFxMW4pOX6 4SHqubMLDbbzual8OWNZHmxMPmWqpRpxW9DtF+/rQkwkpHeYXAa9JhIfjRFr1F9BVf/N uFszNOyyLOWUWPYVHIAHQtZFI44mLCVMFRwDdbNqMY3Arg71q5N2v5Y94KMUGjzNhRll 9tPg== X-Gm-Message-State: AOJu0Yze6jzhBSwxh20acdaR/Jbg0YuZCMeLAGreAdTuCpvL5ea1FwD7 VIma0Pyim52KTetntGHc6x+CL/90mLwDWvGp1GbG9Beh0CHTFAGEU0IZTEP+U8o+b04= X-Gm-Gg: ASbGncsI2GF4vaAxl2fukGgNl1lsR12R+7N5yQxR1nmHvez2OlGyKEbSCiy1KyIYEsB kaK6r3XsW0rK2GhU3KSU9D8JNdbAFMEjiE3GO8NQrNAuS3GiNdc72/+VBFIRF/5UouBMY+os6q+ rqGoldevDwd3rT0VFziHN521E2WAFDwH5rrGYnJUdh9o98D9DAdM4jXIXuoPadWVF32ROKVvCxy 0OZbxr8EmIZZPoHsBsnbWIoDvvoIS3PrEwzADhR7qOi7lB2iSQdkng8gaEvbrnd2r/cGc1K2lMw NQ1T0GCWn3+PcDW+gXWjNIf9B9pPlTHE6WFRqfeRQ1wbLYcVXHtAT3CnEkx7FTXySAAt2LC+OET B9kChgZPiYYWNiKeZN4uE54yXM1J1y0saezcz86jIyLaCZnxSP4rZw6mXY3B7XkTaPFeLn+A9RZ /bd5lAQ9nJZeXOZxQQqgO02gkVNY5LRz2JbArnzUo2SRE= X-Google-Smtp-Source: AGHT+IEWRj+Fszm0UIUz2dyR7AJGXryxYti/7MQinViaOKY+YTyDHQaFTWZ3biARLVI+j1zVys1Jig== X-Received: by 2002:a17:906:ee8c:b0:b73:572d:3b07 with SMTP id a640c23a62f3a-b767170ccb3mr1336041966b.28.1763990010989; Mon, 24 Nov 2025 05:13:30 -0800 (PST) Received: from smtpclient.apple (b15.kleczek.org. [185.20.172.182]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b7654d502cfsm1282792566b.19.2025.11.24.05.13.30 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Nov 2025 05:13:30 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.200.81.1.6\)) Subject: Re: set role command From: =?utf-8?Q?Micha=C5=82_K=C5=82eczek?= In-Reply-To: Date: Mon, 24 Nov 2025 14:13:19 +0100 Cc: pgsql-general@lists.postgresql.org Content-Transfer-Encoding: quoted-printable Message-Id: <539FB9D9-7542-487E-AFA7-152EFF9FCC89@kleczek.org> References: To: Calvin Guo X-Mailer: Apple Mail (2.3864.200.81.1.6) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 24 Nov 2025, at 09:15, Calvin Guo wrote: >=20 > I feel that set role logic is kindof misleading. >=20 > I am a superuser, admin, > I do: > set role usera > Now I am under the security context of usera, so I think running any = sql is safe as long as it's allowed by usera. >=20 > Which is not the case! > as usera can do: > set role userb; other sql, > or=20 > reset role; orther sql, > it turns out it's not safe at all, the sql can easily get access right = of the super user. it can impernate userb though they do not have any = relationship whatso ever. >=20 > I really feel, once you "set role usera", you should behave like = usera, you should NOT have the power say: hi, I can assume my super user = power whenever I want. As this make the "set role usera" pretty much = useless. >=20 > It's unsafe! It is a known issue and there were various proposals (need to search = pgsql-hackers list). One of them being =E2=80=9Cset role=E2=80=9D = message at the protocol level (ie. unavailable from SQL). Another being = =E2=80=9CSET ROLE =E2=80=A6 PASSWORD =E2=80=A6=E2=80=9D and =E2=80=9CRESET= ROLE PASSWORD =E2=80=A6=E2=80=9D which would allow resetting the role = only when password is known. I don=E2=80=99t think any of them gained traction to be honest. Kind regards, -- Michal=