postgresql81-server -- SET ROLE privilege escalation

ID 0B2B4B4D-A07C-11DA-BE0A-000C6EC775D9
Type freebsd
Reporter FreeBSD
Modified 2006-08-13T00:00:00


The PostgreSQL team reports:

Due to inadequate validity checking, a user could exploit the special case that SET ROLE normally uses to restore the previous role setting after an error. This allowed ordinary users to acquire superuser status, for example.