Hi hackers!
This thread continues discussion of allowing something to non-superuser, AFAIK previous was [0].
Currently only superuser is allowed to create LEAKPROOF functions because leakproof functions can see tuples which have
notyet been filtered out by security barrier views or row level security policies.
But managed cloud services typically do not provide superuser roles. I'm thinking about allowing the database owner or
someonewith BYPASSRLS flag to create these functions. Or, perhaps, pg_read_all_data.
And I'm trying to figure out if there are any security implications. Consider a user who already has access to all user
datain a DB and the ability to create LEAKPROOF functions. Can they gain a superuser role or access something else that
isavailable only to a superuser?
Is it possible to relax requirements for the creator of LEAKPROOF functions in upstream Postgres?
I'll appreciate any comments. Thanks!
Best regards, Andrey Borodin.
[0]
https://www.postgresql.org/message-id/flat/CACqFVBbx6PDq%2B%3DvHM0n78kHzn8tvOM-kGO_2q_q0zNAMT%2BTzdA%40mail.gmail.com
