Magnus Hagander <mag...@hagander.net> writes:
> On Thu, Dec 23, 2010 at 16:15, Tom Lane <t...@sss.pgh.pa.us> wrote:
>> I think only superusers should be allowed to change the flag.
> That was certainly not intentional - and doesn't work that way for me
> at least, unless I broke it right before I submitted it.
> oh hang on.. Yeah, it's allowing anybody *that has CREATE ROLE*
> privilege to do it, I think. And I agree that's wrong and should be
> fixed. But I can't see it allowing anybody at all to do it - am I
> misreading the code?
Ah, sorry, yeah there are probably CREATE ROLE privilege checks
somewhere upstream of here. I was expecting to see a privilege check
added by the patch itself, and did not, so I complained.
regards, tom lane
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
