| From: | Phil Frost <indigo(at)bitglue(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: lastval exposes information that currval does not |
| Date: | 2006-07-06 00:25:02 |
| Message-ID: | 20060706002502.GA7529@unununium.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jul 05, 2006 at 08:06:12PM -0400, Chris Campbell wrote:
> On Jul 5, 2006, at 14:51, Phil Frost wrote:
>
> >test=# create function bump() returns bigint language sql security
> >definer as $$ select nextval('private.seq'); $$;
>
> SECURITY DEFINER means that the function runs with the permissions of
> the role used to create the function (ran the CREATE FUNCTION
> command). Due to your # prompt, I'm guessing that you were a
> superuser when you ran this command. Thus, bump() will be run with
> the superuser's permissions.
>
> The superuser most definitely has permissions to access private.seq.
>
> This has nothing to do with schema security or lastval() versus
> currval().
>
> Check out the CREATE FUNCTION documentation:
>
> http://www.postgresql.org/docs/8.1/interactive/sql-
> createfunction.html
I am well aware of what security definer means. The significant part of
this example is that lastval() will allow the caller to see the value of
a sequence where currval('seq') will not. This means that things which
might have been forbidden in 8.0 are now accessible in 8.1.
It also means that revoking usage on a schema is not sufficient to
prevent a user from accessing things within that schema, a property that
makes me quite uncomfortable.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2006-07-06 00:57:08 | Re: lastval exposes information that currval does not |
| Previous Message | Chris Campbell | 2006-07-06 00:06:12 | Re: lastval exposes information that currval does not |