| From: | Heikki Linnakangas <heikki(at)enterprisedb(dot)com> |
|---|---|
| To: | Lars Olson <leolson1(at)uiuc(dot)edu> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe |
| Date: | 2008-03-31 21:36:54 |
| Message-ID: | 47F15976.50007@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs pgsql-www |
Lars Olson wrote:
> Creating a view that depends on the value of SESSION_USER enables a
> minimally-privileged user to write a user-defined function that contains a
> trojan-horse to get arbitrary data from the base table. Using CURRENT_USER
> instead still enables a similar vulnerability.
>
> To reproduce the problem, create three users, alice (base table owner), bob
> (attacker), and carol (other minimally-privileged user). As Alice, create
> the following table and view:
> ...
This seems to be an instance of the general trojan-horse problem
discussed here:
http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.php
In a nutshell, it's just not safe to access a view or function owned by
a user you don't trust. :-(
--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-03-31 21:41:23 | Re: BUG #4073: ERROR: invalid input syntax for type timestamp: "Sat Mar 29 04:47:06 WEST 2008" |
| Previous Message | Heikki Linnakangas | 2008-03-31 21:06:38 | Re: BUG #4073: ERROR: invalid input syntax for type timestamp: "Sat Mar 29 04:47:06 WEST 2008" |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-03-31 21:46:48 | Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe |
| Previous Message | Lars Olson | 2008-03-31 20:55:48 | BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe |