[HACKERS] search path security issue? - Mailing list pgsql-hackers

From Joshua D. Drake
Subject [HACKERS] search path security issue?
Date
Msg-id 9badbdb1-2519-5416-7d2a-55ff50a5963e@commandprompt.com
Responses Re: [HACKERS] search path security issue?
Re: [HACKERS] search path security issue?
List pgsql-hackers
-hackers,

Please see the below:

"""
postgres=# create user foo;
CREATE ROLE
postgres=# create schema foo;
CREATE SCHEMA
postgres=# alter role foo set search_path to 'foo';
ALTER ROLE
postgres=# \q
jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.

postgres=> show search_path;
 search_path
-------------
 foo
(1 row)

postgres=> alter role foo set search_path to default;
ALTER ROLE
postgres=> show search_path;
 search_path
-------------
 foo
(1 row)

postgres=> \q


jd@jd-wks:~$ psql -U foo postgres
psql (9.6.5)
Type "help" for help.

postgres=> show search_path;
   search_path
-----------------
 "$user", public
(1 row)


I get being able to change my search_path on the fly but it seems odd 
that as user foo I can change my default search path?

JD



-- 
Command Prompt, Inc. || http://the.postgres.company/ || @cmdpromptinc

PostgreSQL Centered full stack support, consulting and development.
Advocate: @amplifypostgres || Learn: https://pgconf.us
*****     Unless otherwise stated, opinions are my own.   *****
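
The behaviour in the session above can be inspected from the catalog side. The following is an added example, not part of the original message: it lists the search_path defaults that ALTER ROLE ... SET stores in pg_db_role_setting, then shows where a session's current value came from. The role and schema name foo are taken from the message; the setup runs in a transaction that is rolled back, and it assumes a superuser connection to a scratch database.

```sql
-- Added example (not from the original message).
-- Constructed setup mirroring the session in the message; rolled back at the end.
BEGIN;
CREATE USER foo;
CREATE SCHEMA foo;
ALTER ROLE foo SET search_path TO 'foo';

-- 1. Every stored search_path default, per role and per database.
--    setrole = 0 / setdatabase = 0 mean "all roles" / "all databases".
--    Each setconfig element has the form name=value.
SELECT coalesce(r.rolname, '(all roles)')            AS role_name,
       coalesce(d.datname, '(all databases)')        AS database_name,
       substring(cfg FROM position('=' IN cfg) + 1)  AS stored_search_path
FROM   pg_db_role_setting AS s
       CROSS JOIN LATERAL unnest(s.setconfig) AS cfg
       LEFT JOIN pg_roles    AS r ON r.oid = s.setrole
       LEFT JOIN pg_database AS d ON d.oid = s.setdatabase
WHERE  cfg LIKE 'search\_path=%'
ORDER  BY role_name, database_name;

-- ALTER ROLE ... SET ... TO DEFAULT removes the stored entry, which is
-- what the role did to itself in the message; the query above then
-- returns no row for that role.
ALTER ROLE foo SET search_path TO DEFAULT;

SELECT count(*) AS remaining_foo_entries
FROM   pg_db_role_setting AS s
       JOIN pg_roles AS r ON r.oid = s.setrole
WHERE  r.rolname = 'foo';

ROLLBACK;

-- 2. Run in any session: the value in effect and where it came from.
--    The source column distinguishes a built-in default from a per-role,
--    per-database, or session-level (SET) value. Stored defaults are
--    applied at connection time, which is why the already-connected
--    session in the message kept showing foo until it reconnected.
SELECT name, setting, source
FROM   pg_settings
WHERE  name = 'search_path';
```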

