Re: Special role for subscriptions

From: Evgeniy Efimkin <efimkin(at)yandex-team(dot)ru>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Andrey Borodin <x4mmm(at)yandex-team(dot)ru>, Michael Paquier <michael(at)paquier(dot)xyz>, Jeff Davis <pgsql(at)j-davis(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Дмитрий Сарафанников <dsarafan(at)yandex-team(dot)ru>, Владимир Бородин <root(at)simply(dot)name>
Subject: Re: Special role for subscriptions
Date: 2019-03-21 10:11:36
Message-ID: 109201553163096@myt5-68ad52a76c91.qloud-c.yandex.net
Lists: pgsql-hackers

Hi!
> - If the user's permissions are later revoked, the subscription is unaffected.
Now it works the same: if we revoke superuser, the subscription is unaffected and replication still works.

Not checking grants in the target database is very dangerous. I created a publication with system tables (it's not difficult):

select * from pg_publication_tables ;
 pubname | schemaname |     tablename
---------+------------+--------------------
 pub     | pg_catalog | pg_authid
(1 row)

After that I created a subscription; in the log I see this:
2019-03-21 11:19:50.863 MSK [58599] LOG: logical replication table synchronization worker for subscription "sub_nosuper", table "pg_authid" has started
2019-03-21 11:19:51.039 MSK [58599] ERROR: null value in column "oid" violates not-null constraint
2019-03-21 11:19:51.039 MSK [58599] DETAIL: Failing row contains (null, pg_monitor, f, t, f, f, f, f, f, -1, null, null).
2019-03-21 11:19:51.039 MSK [58599] CONTEXT: COPY pg_authid, line 1: "pg_monitor f t f f f f f -1 \N \N"

I think it's no problem to use it to attack the target server after some hack on the publication side.

--------
Efimkin Evgeny
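
Added example, not part of the original message or of the PostgreSQL project's code: two audit queries an administrator could run to spot the situation described above, a publication that exposes system tables and a subscription that writes to tables its owner has no grants on. Treating only pg_catalog and information_schema as system schemas is an assumption of this example.

```sql
-- Publisher side: publications that include system tables.
SELECT pubname, schemaname, tablename
FROM pg_publication_tables
WHERE schemaname IN ('pg_catalog', 'information_schema')
ORDER BY pubname, schemaname, tablename;

-- Subscriber side (run in the database that holds the subscription):
-- tables being replicated into that are either system tables or tables
-- on which the subscription owner lacks INSERT, UPDATE or DELETE.
-- has_table_privilege() always returns true for a superuser owner, so
-- the grant columns only flag non-superuser owners.
SELECT s.subname,
       pg_get_userbyid(s.subowner)                         AS subscription_owner,
       n.nspname                                           AS schemaname,
       c.relname                                           AS tablename,
       sr.srsubstate                                       AS sync_state,
       n.nspname IN ('pg_catalog', 'information_schema')   AS is_system_table,
       has_table_privilege(s.subowner, c.oid, 'INSERT')    AS owner_can_insert,
       has_table_privilege(s.subowner, c.oid, 'UPDATE')    AS owner_can_update,
       has_table_privilege(s.subowner, c.oid, 'DELETE')    AS owner_can_delete
FROM pg_subscription s
JOIN pg_subscription_rel sr ON sr.srsubid = s.oid
JOIN pg_class c             ON c.oid = sr.srrelid
JOIN pg_namespace n         ON n.oid = c.relnamespace
WHERE s.subdbid = (SELECT oid FROM pg_database
                   WHERE datname = current_database())
  AND (
        n.nspname IN ('pg_catalog', 'information_schema')
        OR NOT (has_table_privilege(s.subowner, c.oid, 'INSERT')
            AND has_table_privilege(s.subowner, c.oid, 'UPDATE')
            AND has_table_privilege(s.subowner, c.oid, 'DELETE'))
      )
ORDER BY s.subname, n.nspname, c.relname;
```

Any row returned by the second query is a table that the apply or table synchronization worker would write to regardless of the owner's grants, which is the gap the message points out.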
