Re: pgsql: Fix search_path to a safe value during maintenance operations.

From: Jeff Davis <pgsql(at)j-davis(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Noah Misch <noah(at)leadboat(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Nathan Bossart <nathandbossart(at)gmail(dot)com>
Subject: Re: pgsql: Fix search_path to a safe value during maintenance operations.
Date: 2023-06-30 00:36:17
Message-ID: 43bbc9f7318057f51552d5986830908cb018dadf.camel@j-davis.com
Lists: pgsql-committers pgsql-hackers

On Thu, 2023-06-29 at 11:19 -0400, Robert Haas wrote:
> Yeah. I mean, as things stand, it seems like giving someone the
> MAINTAIN privilege will be sufficient to allow them to escalate to the
> table owner if there are any expression indexes involved. That seems
> like a real problem. We shouldn't ship a new feature with a built-in
> security hole like that.

Let's take David's suggestion[1] then, and only restrict the search
path for those without owner privileges on the object.

That would mean no behavior change unless using the MAINTAIN privilege,
which is new, so no breakage. And if someone is using the MAINTAIN
privilege, they wouldn't be able to abuse the search_path, so it would
close the hole.

Patch attached (created a bit quickly, but seems to work).

Regards,
Jeff Davis

[1] https://postgr.es/m/CAKFQuwaVJkM9u%2BqpOaom2UkPE1sz0BASF-E5amxWPxncUhm4Hw%40mail.gmail.com

Attachment Content-Type Size
0001-Restrict-search_path-for-non-owners-performing-maint.patch text/x-patch 10.8 KB
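
An audit query for the case discussed in this message, added here as an example (it is not part of the attached patch or of PostgreSQL itself): it lists tables on which a role other than the owner holds MAINTAIN and that carry at least one expression index. It assumes a server release that has the MAINTAIN privilege and that `aclexplode()` reports it as `MAINTAIN`.

```sql
-- Added example: find tables where a non-owner has been granted MAINTAIN
-- and at least one index is built on an expression. These are the tables
-- where maintenance commands run by the grantee evaluate index expressions.
SELECT c.oid::regclass                 AS table_name,
       pg_get_userbyid(c.relowner)     AS table_owner,
       CASE WHEN a.grantee = 0         -- grantee OID 0 means PUBLIC
            THEN 'PUBLIC'
            ELSE pg_get_userbyid(a.grantee)
       END                             AS maintain_grantee,
       i.indexrelid::regclass          AS expression_index,
       pg_get_indexdef(i.indexrelid)   AS index_definition
FROM pg_class AS c
-- relacl is NULL when only default privileges apply; aclexplode() then
-- yields no rows, which is correct because no explicit grant exists.
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
JOIN pg_index AS i
  ON i.indrelid = c.oid
WHERE a.privilege_type = 'MAINTAIN'    -- assumed label for the new privilege
  AND a.grantee <> c.relowner          -- skip the owner's own ACL entry
  AND i.indexprs IS NOT NULL           -- index has at least one expression column
ORDER BY table_name, maintain_grantee, expression_index;
```

The query inspects only explicit grants stored in `pg_class.relacl` for the current database; it does not resolve role membership.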
