Re: PostgreSQL and CREATEROLE permission

[Jeffrey Walton <noloader () gmail com>]

On Thu, Apr 20, 2023 at 3:39 PM Bernd Zeimetz <bernd () bzed de> wrote:
> > This information showed up on the pgsql-general mailing list at [1].
> > It appears a user with CREATEROLE can elevate to root through
> > pg_execute_server_program.[2]
>
> really root? As I understand it you gain access to the DB superuser (usually
> the postgres user) only. Although I could imagine that you could trick
> careless admins into giving you root permissions on that way...

I hope I did not misparse things when I sent the email. My apologies if I did.

Jeff