Nasty security bug with clustering

From: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
To: Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Nasty security bug with clustering
Date: 2004-04-28 05:51:18
Message-ID: 408F4656.2070508@familyhealth.com.au
Lists: pgsql-hackers
No check is performed for being a superuser, the table owner or that it 
is a system table when marking an index for clustering:

usa=> alter table pg_class cluster on "pg_class_oid_index";
ALTER TABLE
usa=> select oid from pg_class where relname='pg_class_oid_index';
   oid
-------
  16613
(1 row)

usa=> select * from pg_index where indexrelid=16613;
 indexrelid | indrelid | indkey | indclass | indnatts | indisunique | indisprimary | indisclustered | indexprs | indpred
------------+----------+--------+----------+----------+-------------+--------------+----------------+----------+---------
      16613 |     1259 | -2     |     1989 |        1 | t           | f            | t              |          |
(1 row)

Note how I managed to mark as clustered an index on a system catalog as 
a non-superuser...

Chris
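
An audit query for the condition reported above, added here as an example and not part of the original message: it lists every index currently flagged indisclustered, with the owner of its table, and sorts system catalogs first so an unexpected mark on pg_catalog stands out. The output column aliases are illustrative assumptions; the catalogs used are pg_index and pg_class from the post, plus pg_namespace and pg_get_userbyid().

```sql
-- Added example (not from the original post): audit cluster marks.
-- Run as a role that can read the system catalogs.
SELECT n.nspname                   AS schema_name,
       t.relname                   AS table_name,
       i.relname                   AS index_name,
       pg_get_userbyid(t.relowner) AS table_owner,
       -- true when the clustered index belongs to a system catalog,
       -- which is the case shown in the report (pg_class_oid_index)
       (n.nspname = 'pg_catalog')  AS is_system_catalog
FROM   pg_index x
JOIN   pg_class t     ON t.oid = x.indrelid      -- table the index is on
JOIN   pg_class i     ON i.oid = x.indexrelid    -- the index itself
JOIN   pg_namespace n ON n.oid = t.relnamespace
WHERE  x.indisclustered
ORDER  BY is_system_catalog DESC, schema_name, table_name;
```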

