| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | pg_parameter_aclcheck() and trusted extensions |
| Date: | 2022-07-06 22:47:27 |
| Message-ID: | 20220706224727.GA2158260@nathanxps13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi hackers,
I found that as of a0ffa88, it's possible to set a PGC_SUSET GUC defined by
a trusted extension as a non-superuser. I've confirmed that this only
affects v15 and later versions.
postgres=# CREATE ROLE testuser;
CREATE ROLE
postgres=# GRANT CREATE ON DATABASE postgres TO testuser;
GRANT
postgres=# SET ROLE testuser;
SET
postgres=> SET plperl.on_plperl_init = 'test';
SET
postgres=> CREATE EXTENSION plperl;
CREATE EXTENSION
postgres=> SELECT setting FROM pg_settings WHERE name = 'plperl.on_plperl_init';
setting
---------
test
(1 row)
On previous versions, the CREATE EXTENSION command emits the following
WARNING, and the setting does not take effect:
WARNING: permission denied to set parameter "plperl.on_plperl_init"
I think the call to superuser_arg() in pg_parameter_aclmask() is causing
set_config_option() to bypass the normal privilege checks, as
execute_extension_script() will have set the user ID to the bootstrap
superuser for trusted extensions like plperl. I don't have a patch or a
proposal at the moment, but I thought it was worth starting the discussion.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Chavez | 2022-07-06 23:15:45 | Fwd: Add red-black tree missing comparison searches |
| Previous Message | David G. Johnston | 2022-07-06 22:07:46 | Re: BUG #17540: Prepared statement: PG switches to a generic query plan which is consistently much slower |