José Luis Tallón <jltallon@adv-solutions.net> writes:
> On the other hand, ISTM that what we all intend to achieve is some
> Postgres equivalent of the SUID bit... so why not just do something
> equivalent?
> -------
> LOGIN -- as user with the appropriate role membership / privilege?
> ...
> SET ROLE / SET SESSION AUTHORIZATION WITH COOKIE / IMPERSONATE
> ... do whatever ... -- unprivileged user can NOT do the
> "impersonate" thing
> DISCARD ALL -- implicitly restore previous authz
> -------
Oh? What stops the unprivileged user from doing DISCARD ALL?
I think if we have something like this, it has to be non-resettable
period: you can't get back the old session ID except by reconnecting
and re-authorizing. Otherwise there's just too much risk of security
holes.
regards, tom lane