| From: | Tomasz Ostrowski <tometzky(at)batory(dot)org(dot)pl> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Advisory on possibly insecure security definer functions |
| Date: | 2007-02-20 12:34:20 |
| Message-ID: | 20070220123420.GB9773@batory.org.pl |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-announce pgsql-general |
On Wed, 14 Feb 2007, Peter Eisentraut wrote:
> By installing functions or operators with appropriate signatures in
> other schemas, users can then redirect any function or operator
> call in the function code to implementations of their choice
> [snip]
> The proper fix for this problem is to insert explicit SET search_path
> commands into each affected function to produce a known safe schema
> search path.
This fix is not enough in certain common configurations. I've sent a
proof of concept to security<at>postgresql.org, but I won't disclose
it before I'm allowed to by security team.
Regards
Tometzky
--
...although Eating Honey was a very good thing to do, there was a
moment just before you began to eat it which was better than when you
were...
Winnie the Pooh
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Selena Deckelmann | 2007-02-20 15:58:13 | Fwd: [ANNOUNCE] == PostgreSQL Weekly News - February 18 2007 == |
| Previous Message | David Fetter | 2007-02-19 03:34:12 | == PostgreSQL Weekly News - February 18 2007 == |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Merlin Moncure | 2007-02-20 14:30:08 | Re: boolean operator on interval producing strange results |
| Previous Message | Gabriel Colina | 2007-02-20 11:59:53 | Re: QNX, RTOS y Postgres OT |