oss-sec mailing list archives

PostgreSQL and CREATEROLE permission


From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 20 Apr 2023 14:06:21 -0400

Hi Everyone,

This information showed up on the pgsql-general mailing list at [1].
It appears a user with CREATEROLE can elevate to root through
pg_execute_server_program.[2]

It looks like PostgreSQL folks will be changing a recommendation and
modifying behavior at v16.[3] Here is the commit of interest: [4].
Changes will not be made for previously released versions of
PostgreSQL.[3]

PostgreSQL does not have a hardening guide. I would hate to see the
nugget lost in a mailing list message or change log entry.

[1] https://www.postgresql.org/message-id/DEFDC682-5BE8-4406-843A-E294C917D6BC%40yugabyte.com
[2] https://www.postgresql.org/message-id/db2c7c3e0c065ca89bb9664b3f6e01cef4f6de8a.camel%40cybertec.at
[3] https://www.postgresql.org/message-id/CAKFQuwY0%3D4_ybzmJ-xi%3D%3DG%3Dm8ONA8hBtujzOwbPm4CNGvqHLEg%40mail.gmail.com
[4] https://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=1c77873727dfd2e48ab2ece84d1fb1676e95f9a5
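As an added defender-side check that is not part of the original post, the following audit query lets a DBA on a pre-16 cluster see which non-superuser roles hold CREATEROLE and which roles are already members of the predefined roles that reach the server's operating system (pg_execute_server_program, pg_read_server_files, pg_write_server_files). It uses only the standard pg_roles and pg_auth_members catalogs; no project-specific names are assumed.

```sql
-- 1. Non-superuser roles holding CREATEROLE. On PostgreSQL < 16 these roles
--    can grant themselves membership in the predefined OS-access roles, so
--    each one should be reviewed as if it were a superuser.
SELECT rolname,
       rolcanlogin,
       rolcreatedb
FROM pg_roles
WHERE rolcreaterole
  AND NOT rolsuper
ORDER BY rolname;

-- 2. Current members of the predefined roles that execute programs or
--    read/write files as the database server's OS user. Any member that is
--    not an expected administrative role deserves a closer look, and
--    admin_option = true means the member can pass the grant on further.
SELECT r.rolname  AS predefined_role,
       m.rolname  AS member,
       g.rolname  AS granted_by,
       am.admin_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles g ON g.oid = am.grantor
WHERE r.rolname IN ('pg_execute_server_program',
                    'pg_read_server_files',
                    'pg_write_server_files')
ORDER BY predefined_role, member;

-- 3. Effective check for one role (constructed example name 'app_admin'):
--    pg_has_role resolves inherited membership, so it also catches access
--    gained indirectly through an intermediate role.
SELECT pg_has_role('app_admin', 'pg_execute_server_program', 'MEMBER')
         AS can_execute_server_program;
```

Query 2 is also a useful periodic detection: a new row appearing whose grantor is a CREATEROLE holder rather than a superuser is the signature of the self-grant the post describes.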
