Re: Identifying user-created objects - Mailing list pgsql-hackers

From Amit Langote
Subject Re: Identifying user-created objects
Date
Msg-id CA+HiwqFsrOnQa96-1YeB=YG7+7rxCymVY-9enn4dKF4_brPMiA@mail.gmail.com
Whole thread Raw
In response to Identifying user-created objects  (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>)
Responses Re: Identifying user-created objects
List pgsql-hackers
On Wed, Feb 5, 2020 at 8:27 PM Masahiko Sawada
<masahiko.sawada@2ndquadrant.com> wrote:
> User can create database objects such as functions into pg_catalog.
> But if I'm not missing something, currently there is no
> straightforward way to identify if the object is a user created object
> or a system object which is created during initdb. If we can do that
> user will be able to check if malicious functions are not created in
> the database, which is important from the security perspective.
>
> I've attached PoC patch to introduce a SQL function
> pg_is_user_object() that returns true if the given oid is user object
> oid, that is greater than or equal to FirstNormalObjectId. Feedback is
> very welcome.

+1.

About the implementation, how about defining a static inline function,
say is_user_object(), next to FirstNormalObjectId's definition and
make pg_is_user_object() call it?  There are a few placed in the
backend code that perform the same computation as pg_is_user_object(),
which could be changed to use is_user_object() instead.

Thanks,
Amit



pgsql-hackers by date:

Previous
From: Amit Langote
Date:
Subject: Re: In PG12, query with float calculations is slower than PG11
Next
From: Michael Paquier
Date:
Subject: Re: Identifying user-created objects