From: | Andres Freund <andres(at)anarazel(dot)de> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, Jeff Davis <pgsql(at)j-davis(dot)com>, Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Non-superuser subscription owners |
Date: | 2023-02-03 08:47:48 |
Message-ID: | 20230203084748.odpbqaiil3lkyngq@alap3.anarazel.de |
Lists: | pgsql-hackers |
Hi,
On 2023-02-02 09:28:03 -0500, Robert Haas wrote:
> I don't know what you mean by this. DML doesn't confer privileges. If
> code gets executed and runs with the replication user's credentials,
> that could lead to privilege escalation, but just moving rows around
> doesn't, at least not in the database sense.
Executing DML ends up executing code. Think predicated/expression
indexes, triggers, default expressions etc. If a badly written trigger
etc. can be tricked to do arbitrary code exec, an attacker will be able to
run with the privs of the run-as user. How bad that is is influenced to
some degree by the amount of privileges that user has.
Greetings,
Andres Freund
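As an added illustration of the point above (not part of the thread, and not PostgreSQL project code): part (1) is a constructed demo in which code attached by an ordinary table owner runs with the privileges of whichever role performs the DML, here the constructed role `applyuser` standing in for the role a subscription's apply worker runs as; part (2) is an audit query over the catalogs that lists the triggers, expression/predicate indexes and column defaults that DML on subscribed tables (`pg_subscription_rel`) would execute. Role and table names are constructed; run part (1) in a scratch database as a superuser.

```sql
-- (1) Constructed demo: 'alice' owns the table and the trigger function,
--     'applyuser' only has INSERT. The trigger body still runs as applyuser.
CREATE ROLE alice;
CREATE ROLE applyuser;
CREATE TABLE t (id int PRIMARY KEY);
ALTER TABLE t OWNER TO alice;
GRANT INSERT ON t TO applyuser;
CREATE TABLE seen (who text);              -- records which role ran the trigger
GRANT INSERT ON seen TO applyuser;
CREATE FUNCTION who_ran() RETURNS trigger LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO seen VALUES (current_user);  -- current_user = role doing the DML
  RETURN NEW;
END $$;
ALTER FUNCTION who_ran() OWNER TO alice;
CREATE TRIGGER t_who BEFORE INSERT ON t
  FOR EACH ROW EXECUTE FUNCTION who_ran();
SET ROLE applyuser;
INSERT INTO t VALUES (1);                  -- alice's code executes as applyuser
RESET ROLE;
SELECT who FROM seen;                      -- 'applyuser', not 'alice'

-- (2) Audit: code that plain DML on subscribed tables would run, with the
--     table owner who was able to attach it. Review anything here that is
--     owned by a role you would not trust with the subscription owner's privs.
SELECT c.oid::regclass AS tbl, pg_get_userbyid(c.relowner) AS table_owner,
       'trigger' AS kind, p.oid::regprocedure::text AS code
FROM pg_subscription_rel sr
JOIN pg_class   c  ON c.oid = sr.srrelid
JOIN pg_trigger tg ON tg.tgrelid = c.oid AND NOT tg.tgisinternal
JOIN pg_proc    p  ON p.oid = tg.tgfoid
UNION ALL
SELECT c.oid::regclass, pg_get_userbyid(c.relowner),
       'index', pg_get_indexdef(i.indexrelid)
FROM pg_subscription_rel sr
JOIN pg_class c ON c.oid = sr.srrelid
JOIN pg_index i ON i.indrelid = c.oid
WHERE i.indexprs IS NOT NULL OR i.indpred IS NOT NULL   -- expression or predicate
UNION ALL
SELECT c.oid::regclass, pg_get_userbyid(c.relowner),
       'default', pg_get_expr(d.adbin, d.adrelid)
FROM pg_subscription_rel sr
JOIN pg_class   c ON c.oid = sr.srrelid
JOIN pg_attrdef d ON d.adrelid = c.oid
WHERE pg_get_expr(d.adbin, d.adrelid) ~ '\('          -- defaults that call a function
ORDER BY 1, 3;
```

The same check applies to any other role whose DML is executed on behalf of others; only the join against `pg_subscription_rel` ties it to logical replication.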