| From: | Ben Tilly <btilly(at)gmail(dot)com> |
|---|---|
| To: | pgsql-sql(at)lists(dot)postgresql(dot)org |
| Subject: | Is this a security oversight? |
| Date: | 2021-08-10 17:41:48 |
| Message-ID: | CANoac9V3t2LerZ8x3gt-UDeLWJntreBysXM6NrDurpGcXA9+fw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
As a security rule, you cannot create a cast without owning one of the
types. This was a problem for me because I wanted a cast from bool to
bigint, and there isn't one.
The following code successfully creates it, not as postgres and not as a
superuser. I'm glad it works, but the ease of this eliminates most of why
I think you might want a security rule like the above:
CREATE OR REPLACE FUNCTION public.to_bigint (p_bool BOOL)
RETURNS BIGINT
language 'sql' AS $$
SELECT p_bool::int::bigint;
$$;
do $$
DECLARE
v_owner TEXT;
BEGIN
SELECT rolname::text
FROM pg_type t
JOIN pg_roles r
ON t.typowner = r.oid
WHERE t.typname = 'bool'
INTO v_owner;
ALTER TYPE bool OWNER TO current_user;
DROP CAST IF EXISTS (bool AS bigint);
CREATE CAST (bool AS bigint)
WITH FUNCTION public.to_bigint;
EXECUTE 'ALTER TYPE bool OWNER TO ' || v_owner;
END
$$;
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2021-08-10 18:32:10 | Re: Is this a security oversight? |
| Previous Message | intmail01@gmail.com | 2021-08-09 17:48:56 | Re: Hide some tables |