| From: | Feike Steenbergen <feikesteenbergen(at)gmail(dot)com> |
|---|---|
| To: | jian he <jian(dot)universality(at)gmail(dot)com> |
| Cc: | PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them |
| Date: | 2025-05-24 06:38:50 |
| Message-ID: | CAK_s-G0qAbqJqJ_Ufs3yrKLFNFr-RimmOrLUuA+pOVdHNpHpZQ@mail.gmail.com |
| Lists: | pgsql-hackers |

On Fri, 23 May 2025 at 14:48, jian he <jian(dot)universality(at)gmail(dot)com> wrote:
> when you mark it as IMMUTABLE, postgres thinks it's IMMUTABLE, but in this case
> exploit_generated.exploit(i int) clearly is not an IMMUTABLE function.
>
> Only IMMUTABLE functions are allowed in generated expressions,
> but you can still misuse it by wrongly tagging the function as IMMUTABLE.

Yeah, I'm quite aware that the pattern used in the example isn't what one
*should* be doing. However, the problem with the exploit is that it *could* be
done this way.

The loophole is this:

- the generated virtual column can use a user-defined function
- when running SELECT against that column by a superuser
  the function is called within the context of a superuser
- this in turn allows the regular user to run any code within
  the context of superuser