From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> |
Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, Postgresql Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: reuse sysids security hole? |
Date: | 2003-08-12 14:59:13 |
Message-ID: | 2472.1060700353@sss.pgh.pa.us |
Lists: | pgsql-hackers |
Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> On Tue, 12 Aug 2003, Andrew Dunstan wrote:
>> Is this a security hole? Looks like one to me. Would it be better to use
>> a sequence generator for sysids instead of using max+1 on the user
>> table? Or else store the last sysid used somewhere?

> This issue has been discussed before and it was agreed that since most
> UNIX systems will behave in the same way, there's no way to know. Also, it
> is not possible for a given database to know the max(sysid) of pg_user in
> another database.

You forget that pg_shadow is a shared (cluster-wide) table.
I believe we could make a shared sequence object, too, if we wanted to
go the sequence route.

Right at the moment I like both ideas: a shared sequence to generate new
sysids, and don't ever delete pg_shadow rows. One attraction of the
sequence generator is that scans over pg_shadow could get rather tedious
if we follow the latter policy. But with a sequence, CREATE USER
wouldn't need to do a scan.

Something else that should be factored into any redesign of pg_shadow is
the notion of combining users and groups, at least to the extent of
having a common sysid space for both. See discussion started by Peter
a month or two back (I think thread title mentioned "roles").

regards, tom lane
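
Added example, not part of the original message and not PostgreSQL code: a toy Python model of the allocation policies discussed in this thread (max+1 over the user table, a monotonic sequence, and never deleting user rows). The names `Catalog`, `max_plus_one`, `sequence` and `scenario`, the starting sysid of 100, and the assumption that objects record their owner only by sysid are all constructed for illustration.

```python
class Catalog:
    """Constructed stand-in for a user table; objects store only the owner's sysid."""

    def __init__(self, allocate, keep_rows=False):
        self.rows = {}            # sysid -> [name, dropped?]
        self.owners = {}          # object name -> owner sysid
        self.allocate = allocate
        self.keep_rows = keep_rows
        self.seq = 99             # last value handed out by the sequence

    def create_user(self, name):
        sysid = self.allocate(self)
        self.rows[sysid] = [name, False]
        return sysid

    def drop_user(self, sysid):
        if self.keep_rows:
            self.rows[sysid][1] = True    # tombstone: the sysid stays taken
        else:
            del self.rows[sysid]          # the sysid disappears from the scan

    def owner_of(self, obj):
        name, dropped = self.rows.get(self.owners[obj], (None, True))
        return None if dropped else name


def max_plus_one(cat):
    # Scan of the user table: highest sysid currently present, plus one.
    return max(cat.rows, default=99) + 1


def sequence(cat):
    # Monotonic counter: no scan, and a value is never handed out twice.
    cat.seq += 1
    return cat.seq


def scenario(allocate, keep_rows=False):
    cat = Catalog(allocate, keep_rows)
    cat.create_user("alice")
    bob = cat.create_user("bob")
    cat.owners["payroll"] = bob           # object left behind by bob
    cat.drop_user(bob)
    newcomer = cat.create_user("carol")
    return bob, newcomer, cat.owner_of("payroll")
```

`scenario` returns the dropped user's sysid, the newcomer's sysid, and who the orphaned object resolves to afterwards. In this model max+1 only reuses an id when the dropped user held the highest one, which is the case the scenario exercises.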