| From: | Amit Langote <amitlangote09(at)gmail(dot)com> |
|---|---|
| To: | Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Identifying user-created objects |
| Date: | 2020-02-06 07:25:47 |
| Message-ID: | CA+HiwqFsrOnQa96-1YeB=YG7+7rxCymVY-9enn4dKF4_brPMiA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Feb 5, 2020 at 8:27 PM Masahiko Sawada
<masahiko(dot)sawada(at)2ndquadrant(dot)com> wrote:
> User can create database objects such as functions into pg_catalog.
> But if I'm not missing something, currently there is no
> straightforward way to identify if the object is a user created object
> or a system object which is created during initdb. If we can do that
> user will be able to check if malicious functions are not created in
> the database, which is important from the security perspective.
>
> I've attached PoC patch to introduce a SQL function
> pg_is_user_object() that returns true if the given oid is user object
> oid, that is greater than or equal to FirstNormalObjectId. Feedback is
> very welcome.
+1.
About the implementation, how about defining a static inline function,
say is_user_object(), next to FirstNormalObjectId's definition and
make pg_is_user_object() call it? There are a few placed in the
backend code that perform the same computation as pg_is_user_object(),
which could be changed to use is_user_object() instead.
Thanks,
Amit
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2020-02-06 07:31:51 | Re: Identifying user-created objects |
| Previous Message | Amit Langote | 2020-02-06 07:05:02 | Re: In PG12, query with float calculations is slower than PG11 |