Quick Links

Re: Fixing insecure security definer functions

From:	"Zeugswetter Andreas ADI SD" <ZeugswetterA(at)spardat(dot)at>
To:	"Peter Eisentraut" <peter_e(at)gmx(dot)net>, <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Fixing insecure security definer functions
Date:	2007-02-14 09:21:36
Message-ID:	E1539E0ED7043848906A8FF995BDA57901C137E4@m0143.s-mxs.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

> Regarding the advisory on possibly insecure security definer functions

> that I just sent out (by overriding the search path you can make the
> function do whatever you want with the privileges of the function
> owner), the favored solution after some initial discussion in the core

> team was to save the search path at creation time with each function.

Have you considered hardcoding the schema for each object where it was
found at creation time ? This seems more intuitive to me. Also using a
search
path, leaves the possibility to inject an object into a previous schema.

Andreas

In response to

Fixing insecure security definer functions at 2007-02-13 23:53:27 from Peter Eisentraut

Responses

Re: Fixing insecure security definer functions at 2007-02-14 10:07:45 from Peter Eisentraut
Re: Fixing insecure security definer functions at 2007-02-14 23:07:24 from Josh Berkus

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Pavan Deolasee	2007-02-14 10:04:46	HOT WIP Patch - version 1
Previous Message	Hannu Krosing	2007-02-14 09:13:14	Re: HOT for PostgreSQL 8.3