Inheritance is a security loophole!

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: Inheritance is a security loophole!
Date: 2000-12-22 19:00:34
Message-ID: 15940.977511634@sss.pgh.pa.us
Lists: pgsql-hackers

The lack of a permissions check for creating a child table means that
in current sources, any user can inject data of his choosing into
another user's tables. Example:

User A:

regression=> create table foo (f1 text);
CREATE
regression=> insert into foo values ('good data');
INSERT 271570 1

User B:

regression=> create table foohack () inherits (foo);
CREATE
regression=> insert into foohack values ('you have been hacked!');
INSERT 271598 1

Now User A sees:

regression=> select * from foo;
f1
-----------------------
good data
you have been hacked!
(2 rows)

User A can only avoid this trap by being very careful to specify ONLY
in every query. If he *intends* to use foo as an inheritance tree
master, then that cure doesn't work either.

Just to add insult to injury, user A is now unable to drop table foo.
He'll also get permission failures from commands like "UPDATE foo ..."

I suppose a proper fix would involve adding a new permission type "can
make child tables", but I don't want to mess with that at the moment.
For 7.1, I propose that we only allow creation of child tables to the
owner of the parent table.

Comments?

regards, tom lane

PS: another interesting problem: create a temp table, then create a
non-temp table that inherits from it. Unhappiness ensues when you
end your session. Need to prohibit this combination, I think.
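
Added example, not part of the original message: an audit query for the situation described above, listing inheritance children whose owner differs from the owner of the parent table, followed by a per-row provenance check on the message's table foo. It assumes the system catalogs (pg_inherits, pg_class, pg_namespace) and the tableoid column of current PostgreSQL releases, not the 7.1-era sources under discussion.

```sql
-- Added example; assumes current PostgreSQL catalogs.
-- 1. Inheritance links that cross an ownership boundary.
--    Every row is a child table whose contents show up in queries
--    against a parent owned by a different role.
SELECT pn.nspname                  AS parent_schema,
       p.relname                   AS parent_table,
       pg_get_userbyid(p.relowner) AS parent_owner,
       cn.nspname                  AS child_schema,
       c.relname                   AS child_table,
       pg_get_userbyid(c.relowner) AS child_owner
FROM   pg_inherits  i
JOIN   pg_class     p  ON p.oid  = i.inhparent
JOIN   pg_class     c  ON c.oid  = i.inhrelid
JOIN   pg_namespace pn ON pn.oid = p.relnamespace
JOIN   pg_namespace cn ON cn.oid = c.relnamespace
WHERE  p.relkind IN ('r', 'p')        -- plain or partitioned parent
AND    c.relkind IN ('r', 'p', 'f')   -- table, partitioned or foreign child
AND    c.relowner <> p.relowner
ORDER  BY parent_schema, parent_table, child_schema, child_table;

-- 2. For one parent (foo, the table from the message), show which
--    physical table each row came from. Rows whose source is not foo
--    itself were contributed by a child table.
SELECT tableoid::regclass AS source_table, f1
FROM   foo
ORDER  BY source_table;

-- 3. The same parent restricted to its own rows, for comparison
--    (the ONLY form the message mentions).
SELECT f1 FROM ONLY foo;
```

An owner mismatch can also result from a later change of table ownership, so the first query produces a review list rather than a verdict.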
