Re: Identifying user-created objects

From: Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com>
To: Masahiko Sawada <masahiko(dot)sawada(at)2ndquadrant(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Identifying user-created objects
Date: 2020-03-04 07:43:05
Message-ID: 736f286b-4725-99cb-c7de-be7eba215408@oss.nttdata.com
Lists: pgsql-hackers

On 2020/02/05 20:26, Masahiko Sawada wrote:
> Hi,
>
> Users can create database objects such as functions in pg_catalog.
> But if I'm not missing something, currently there is no
> straightforward way to identify if the object is a user-created object
> or a system object which is created during initdb. If we can do that,
> users will be able to check if malicious functions are not created in
> the database, which is important from the security perspective.

Is the function that you are proposing really enough for this use case?
What if malicious users directly change the oid of a function
to < FirstNormalObjectId? Or are you assuming that malicious users will
never log in as superuser and will not be able to change the oid?

Regards,

--
Fujii Masao
NTT DATA CORPORATION
Advanced Platform Technology Group
Research and Development Headquarters
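
The OID-threshold check discussed in this thread, written as a catalog query. This is an added example, not part of the message or of the proposed patch. It assumes FirstNormalObjectId is 16384 (its value in PostgreSQL's access/transam.h) and does not address the case raised above where a superuser changes an OID directly.

```sql
-- Added example: functions in pg_catalog whose OID was not assigned
-- during initdb. Assumption: FirstNormalObjectId = 16384.
SELECT p.oid,
       p.oid::regprocedure AS signature,
       r.rolname           AS owner,
       l.lanname           AS language,
       p.prosecdef         AS security_definer,
       e.extname           AS extension   -- NULL: not installed by an extension
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_roles r    ON r.oid = p.proowner
JOIN pg_catalog.pg_language l ON l.oid = p.prolang
-- deptype 'e' marks membership of an extension, which separates
-- extension-installed functions from ones created by hand.
LEFT JOIN pg_catalog.pg_depend d
       ON d.classid    = 'pg_catalog.pg_proc'::regclass
      AND d.objid      = p.oid
      AND d.refclassid = 'pg_catalog.pg_extension'::regclass
      AND d.deptype    = 'e'
LEFT JOIN pg_catalog.pg_extension e ON e.oid = d.refobjid
WHERE p.pronamespace = 'pg_catalog'::regnamespace
  AND p.oid >= 16384
ORDER BY p.oid;
```

Rows with a NULL extension are the ones to review first; the query has to be run in each database, since pg_proc is per-database.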
