From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
---|---|
To: | "Sergey N(dot) Yatskevich" <syatskevich(at)n21lab(dot)gosniias(dot)msk(dot)ru> |
Cc: | PostgreSQL-general <pgsql-general(at)postgreSQL(dot)org> |
Subject: | Re: [BUGS] Probably a security bug in PostgreSQL rule system |
Date: | 2004-02-10 14:38:53 |
Message-ID: | 200402101438.i1AEcrc14702@candle.pha.pa.us |
Lists: | pgsql-bugs pgsql-general |
Would someone comment on this?
---------------------------------------------------------------------------
Sergey N. Yatskevich wrote:
> To begin, some citations from the PostgreSQL documentation:
>
> <citation>
> 34.4. Rules and Privileges
>
> <skip/>
> Rewrite rules don't have a separate owner. The owner of a relation
> (table or view) is automatically the owner of the rewrite rules that are
> defined for it. The PostgreSQL rule system changes the behavior of the
> default access control system. Relations that are used due to rules get
> checked against the privileges of the rule owner, not the user invoking
> the rule. <note>This means that a user only needs the required
> privileges for the tables/views that he names explicitly in his
> queries</note>.
> <skip/>
> <note>This mechanism also works for update rules</note>. In the examples
> of the previous section, the owner of the tables in the example database
> could grant the privileges SELECT, INSERT, UPDATE, and DELETE on the
> shoelace view to someone else, but only SELECT on shoelace_log. The rule
> action to write log entries will still be executed successfully, and
> that other user could see the log entries. But he cannot create fake
> entries, nor could he manipulate or remove existing ones.
> </citation>
>
> Next, the test and its output, which show that if a view has INSERT,
> UPDATE and DELETE rules, then _ANY_ user can insert, update and delete
> data in the tables affected by these rules, even if the user has no INSERT,
> UPDATE and DELETE privileges on the view and table.
>
> This problem exists in at least PostgreSQL versions 7.3.4 and 7.4.1.
>
> This is very strange, and I'm not sure that I understand everything correctly.
>
> P.S. Please help me solve this problem ASAP.
>
> P.P.S. Sorry for my bad English, but I hope you understand me.
>
> --
> Sergey N. Yatskevich <syatskevich(at)n21lab(dot)gosniias(dot)msk(dot)ru>
> GosNIIAS
[ Attachment, skipping... ]
[ Attachment, skipping... ]
[ Attachment, skipping... ]
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
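A check an administrator can run to reproduce the scenario from the quoted documentation and confirm whether view privileges are enforced when a DO INSTEAD rule fires. This is an added example, not code from the thread or from the PostgreSQL project; the user names `rule_owner` and `reader` are assumptions, and it must be run as a superuser because it switches session authorization.

```sql
-- Constructed check: rebuild the documentation's shoelace / shoelace_log
-- scenario and verify that a user holding only SELECT on the view cannot
-- write to the underlying tables through the view's INSERT rule.
-- User names are assumptions; run as a superuser.
CREATE USER rule_owner;
CREATE USER reader;

SET SESSION AUTHORIZATION rule_owner;   -- owner of tables, view and rules

CREATE TABLE shoelace_data (sl_name text PRIMARY KEY, sl_avail integer);
CREATE TABLE shoelace_log  (sl_name text, sl_avail integer,
                            log_who text, log_when timestamp);

CREATE VIEW shoelace AS SELECT sl_name, sl_avail FROM shoelace_data;

-- Per the documentation, the rule actions below run with rule_owner's
-- privileges, not the caller's; the caller still needs INSERT on "shoelace".
CREATE RULE shoelace_ins AS ON INSERT TO shoelace
    DO INSTEAD (
        INSERT INTO shoelace_data VALUES (NEW.sl_name, NEW.sl_avail);
        INSERT INTO shoelace_log
            VALUES (NEW.sl_name, NEW.sl_avail, current_user, now())
    );

-- Deliberately grant SELECT only; no INSERT/UPDATE/DELETE anywhere.
GRANT SELECT ON shoelace, shoelace_log TO reader;

RESET SESSION AUTHORIZATION;
SET SESSION AUTHORIZATION reader;

-- Expected with correct enforcement: an ERROR (permission denied on
-- shoelace), because the caller lacks INSERT on the view it names.
-- The report above says that on 7.3.4 and 7.4.1 this INSERT went through.
INSERT INTO shoelace VALUES ('sl9', 0);

-- Audit: both queries must return zero rows if privileges were enforced.
SELECT * FROM shoelace_data WHERE sl_name = 'sl9';
SELECT * FROM shoelace_log  WHERE sl_name = 'sl9';

RESET SESSION AUTHORIZATION;
```

If the INSERT succeeds and the audit queries return rows, the server in use still exhibits the behaviour described in the report and the view's rules should be treated as granting write access to anyone who can reach the view.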