Re: BUG #13651: trigger security invoker attack - Mailing list pgsql-bugs

From David G. Johnston
Subject Re: BUG #13651: trigger security invoker attack
Date
Msg-id CAKFQuwbRFFSMy_0xxGe75MR4XBrCm+rbogug6hrVx044obkMEA@mail.gmail.com
In response to BUG #13651: trigger security invoker attack  (digoal@126.com)
Responses Re: BUG #13651: trigger security invoker attack  (德哥 <digoal@126.com>)
Re: BUG #13651: trigger security invoker attack  (德哥 <digoal@126.com>)
List pgsql-bugs
On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:

> I hope this:
>     Nonsuperuser can't CREATE | ALTER security invoker Functions.
>

In that case don't hold your breath.  Besides, your rules-based spoofing
doesn't actually have this problem since the rule owner is the invoker, not
the original user.  And I'm still confused regarding your original post and
how it describes an active risk.  Your second example is also flawed as
it requires superuser permissions to work.

Security invoker functions are safe because the caller cannot do anything they
couldn't otherwise do.  That doesn't mean they should treat the code as
trusted or a black-box.

Do you have a suggestion that doesn't amount to scrapping the whole thing
and starting over?

David J.
