From: | Ben Tilly <btilly(at)gmail(dot)com> |
---|---|
To: | pgsql-sql(at)lists(dot)postgresql(dot)org |
Subject: | Is this a security oversight? |
Date: | 2021-08-10 17:41:48 |
Message-ID: | CANoac9V3t2LerZ8x3gt-UDeLWJntreBysXM6NrDurpGcXA9+fw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-sql |
As a security rule, you cannot create a cast without owning one of the
types. This was a problem for me because I wanted a cast from bool to
bigint, and there isn't one.
The following code successfully creates it, not as postgres and not as a
superuser. I'm glad it works, but the ease of this eliminates most of why
I think you might want a security rule like the above:
CREATE OR REPLACE FUNCTION public.to_bigint (p_bool BOOL)
RETURNS BIGINT
language 'sql' AS $$
SELECT p_bool::int::bigint;
$$;
do $$
DECLARE
v_owner TEXT;
BEGIN
SELECT rolname::text
FROM pg_type t
JOIN pg_roles r
ON t.typowner = r.oid
WHERE t.typname = 'bool'
INTO v_owner;
ALTER TYPE bool OWNER TO current_user;
DROP CAST IF EXISTS (bool AS bigint);
CREATE CAST (bool AS bigint)
WITH FUNCTION public.to_bigint;
EXECUTE 'ALTER TYPE bool OWNER TO ' || v_owner;
END
$$;
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2021-08-10 18:32:10 | Re: Is this a security oversight? |
Previous Message | intmail01@gmail.com | 2021-08-09 17:48:56 | Re: Hide some tables |