Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view - Mailing list pgsql-bugs

From Laurenz Albe
Subject Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
Date
Msg-id 09970dbb6f95a34d9427c32b09517ea709c77d02.camel@cybertec.at
In response to Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view  (Maxim Boguk <maxim.boguk@gmail.com>)
Responses Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view  (Bruce Momjian <bruce@momjian.us>)
List pgsql-bugs
On Tue, 2024-03-12 at 12:40 +0200, Maxim Boguk wrote:
> May I suggest a change to always allow superuser to run
> REFRESH MATERIALIZED VIEW (maybe via set role or similar mechanics)?

If the query ran with superuser permissions, that would be
a security problem:

  CREATE TABLE log (t text);

  CREATE FUNCTION f() RETURNS integer LANGUAGE sql
     AS 'INSERT INTO log VALUES (''x''); SELECT 42';

  CREATE MATERIALIZED VIEW v AS SELECT f();

Now imagine you create a malicious trigger on "log" and
get a superuser to refresh the materialized view.


I don't see why it should be a problem if a superuser gets
"permission denied" in such a case.  They can also get it if
they call a SECURITY DEFINER function owned by a non-superuser.

Yours,
Laurenz Albe
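
An added example, not part of the original message: a scratch-database script showing that REFRESH MATERIALIZED VIEW executes the view's query as the view owner, which is why a superuser can receive "permission denied" here. All object and role names (demo, mv_owner, audit_log, who_runs, v_demo) are hypothetical, and the script assumes it is run by a superuser.

```sql
-- Added illustration; every name below is hypothetical.
-- Run as a superuser in a scratch database.
CREATE ROLE mv_owner NOLOGIN;
CREATE SCHEMA demo AUTHORIZATION mv_owner;

-- The table belongs to the superuser; mv_owner is only allowed to INSERT.
CREATE TABLE demo.audit_log (session_role text, effective_role text);
GRANT INSERT ON demo.audit_log TO mv_owner;

-- The non-superuser owns both the function and the materialized view.
SET ROLE mv_owner;
CREATE FUNCTION demo.who_runs() RETURNS integer LANGUAGE sql
    AS 'INSERT INTO demo.audit_log VALUES (session_user, current_user); SELECT 42';
CREATE MATERIALIZED VIEW demo.v_demo AS SELECT demo.who_runs() WITH NO DATA;
RESET ROLE;

-- The superuser refreshes. The function records who is logged in
-- (session_user) and whose privileges are in effect (current_user).
REFRESH MATERIALIZED VIEW demo.v_demo;
SELECT session_role, effective_role FROM demo.audit_log;

-- Take the privilege away from the owner and refresh again as superuser:
-- the INSERT inside the function is checked against mv_owner's privileges.
REVOKE INSERT ON demo.audit_log FROM mv_owner;
REFRESH MATERIALIZED VIEW demo.v_demo;

-- Clean up.
DROP SCHEMA demo CASCADE;
DROP ROLE mv_owner;
```

Comparing the two columns returned by the SELECT shows the gap between the refreshing session and the role whose privileges apply, so a trigger on the logged table fires with the owner's rights rather than the superuser's.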


