| From: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Feike Steenbergen <feikesteenbergen(at)gmail(dot)com>, jian he <jian(dot)universality(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them |
| Date: | 2025-05-29 18:24:03 |
| Message-ID: | CAEze2WiZihoO8xFC131G1JbZo-Rkd2BrESZUsx1hSAuFTvNpMw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, 29 May 2025 at 15:44, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> But so far - apart from this feature - we
> have managed to avoid making it categorically unsafe for the superuser
> to run "SELECT * FROM table"
With CREATE RULE [0], a table owner can redefine what happens during
e.g. SELECT * FROM table. This also includes outputting alternative
data sources, or e.g. calling a user-defined SECURITY INVOKER
function.
PG18 still seems to have support for CREATE RULE, so virtual generated
columns don't create a completely new security issue (blind SELECT *
FROM user_defined_table was already insecure) but rather a new threat
vector to this privilege escalation.
Kind regards,
Matthias van de Meent
Neon (https://neon.tech)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2025-05-29 18:30:29 | Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them |
| Previous Message | Tom Lane | 2025-05-29 18:15:22 | Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them |