| From: | Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Identifying user-created objects |
| Date: | 2020-02-05 11:26:27 |
| Message-ID: | CA+fd4k7Zr+yQLYWF3O_KjAJyYYUZFBZ_dFchfBvq5bMj9GgKQw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
User can create database objects such as functions into pg_catalog.
But if I'm not missing something, currently there is no
straightforward way to identify if the object is a user created object
or a system object which is created during initdb. If we can do that
user will be able to check if malicious functions are not created in
the database, which is important from the security perspective.
I've attached PoC patch to introduce a SQL function
pg_is_user_object() that returns true if the given oid is user object
oid, that is greater than or equal to FirstNormalObjectId. Feedback is
very welcome.
Regards,
--
Masahiko Sawada http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| Attachment | Content-Type | Size |
|---|---|---|
| identify_user_object.patch | application/octet-stream | 2.8 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Emil Iggland | 2020-02-05 11:46:33 | Re: BUG #15858: could not stat file - over 4GB |
| Previous Message | Amit Kapila | 2020-02-05 10:35:28 | Re: PATCH: logical_work_mem and logical streaming of large in-progress transactions |