Thread: Is this a security oversight?
As a security rule, you cannot create a cast without owning one of the types. This was a problem for me because I wanted a cast from bool to bigint, and there isn't one.
The following code successfully creates it, not as postgres and not as a superuser. I'm glad it works, but the ease of this eliminates most of why I think you might want a security rule like the above:
-- Helper that the new cast will call: bool -> int -> bigint.
CREATE OR REPLACE FUNCTION public.to_bigint (p_bool BOOL)
    RETURNS BIGINT
    LANGUAGE sql AS $$
    SELECT p_bool::int::bigint;
$$;
-- Take ownership of bool, create the cast, then hand ownership back.
DO $$
DECLARE
    v_owner TEXT;
BEGIN
    SELECT rolname::text
      FROM pg_type t
      JOIN pg_roles r
        ON t.typowner = r.oid
     WHERE t.typname = 'bool'
      INTO v_owner;                                  -- remember the current owner
    ALTER TYPE bool OWNER TO current_user;
    DROP CAST IF EXISTS (bool AS bigint);
    CREATE CAST (bool AS bigint)
        WITH FUNCTION public.to_bigint;
    EXECUTE 'ALTER TYPE bool OWNER TO ' || quote_ident(v_owner);  -- restore, quoting the role name
END
$$;
Ben Tilly <btilly@gmail.com> writes:
> As a security rule, you cannot create a cast without owning one of the
> types.
Check.
> The following code successfully creates it, not as postgres and not as a
> superuser.
Really? When I try that as an ordinary user, I get
ERROR: must be owner of type boolean
CONTEXT: SQL statement "ALTER TYPE bool OWNER TO current_user"
PL/pgSQL function inline_code_block line 12 at SQL statement
If there is a way where that actually does work without superuser
privileges, please send the details to security@postgresql.org.
regards, tom lane
Bizarre, I thought I had tested that by dropping superuser and trying it. But I must not have.
In that case please modify this to a request to allow casts to be created by a superuser without having to change the ownership of the objects involved.
On Tue, Aug 10, 2021 at 11:32 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Ben Tilly <btilly@gmail.com> writes:
> As a security rule, you cannot create a cast without owning one of the
> types.
Check.
> The following code successfully creates it, not as postgres and not as a
> superuser.
Really? When I try that as an ordinary user, I get
ERROR: must be owner of type boolean
CONTEXT: SQL statement "ALTER TYPE bool OWNER TO current_user"
PL/pgSQL function inline_code_block line 12 at SQL statement
If there is a way where that actually does work without superuser
privileges, please send the details to security@postgresql.org.
regards, tom lane
Ben Tilly <btilly@gmail.com> writes:
> In that case please modify this to a request to allow casts to be created
> by a superuser without having to change the ownership of the objects
> involved.
I think you're still confused. That case does work.
regards, tom lane
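An audit for the situation discussed in this thread, added here as an example (it is not code from either participant): the first query lists every cast created after initdb, with the owners of both types and of the cast function, and the second lists built-in types whose ownership has been moved. It assumes the stock PostgreSQL catalog layout, where user-created objects have OIDs of 16384 and above and the bootstrap superuser has OID 10.

```sql
-- Casts that did not ship with the server (OID >= 16384 is an assumption
-- based on the first normal object id used by stock PostgreSQL).
SELECT c.oid                            AS cast_oid,
       format_type(c.castsource, NULL)  AS source_type,
       pg_get_userbyid(st.typowner)     AS source_owner,
       format_type(c.casttarget, NULL)  AS target_type,
       pg_get_userbyid(tt.typowner)     AS target_owner,
       CASE c.castcontext
            WHEN 'i' THEN 'implicit'    -- applied silently in any expression
            WHEN 'a' THEN 'assignment'  -- applied on INSERT/UPDATE assignment
            WHEN 'e' THEN 'explicit'    -- only with CAST(...) or ::
       END                              AS context,
       CASE c.castmethod
            WHEN 'f' THEN 'function'
            WHEN 'i' THEN 'inout'
            WHEN 'b' THEN 'binary'
       END                              AS method,
       c.castfunc::regprocedure         AS cast_function,
       pg_get_userbyid(p.proowner)      AS function_owner,
       p.prosecdef                      AS security_definer
FROM pg_cast c
JOIN pg_type st ON st.oid = c.castsource
JOIN pg_type tt ON tt.oid = c.casttarget
LEFT JOIN pg_proc p ON p.oid = c.castfunc   -- NULL for inout/binary casts
WHERE c.oid >= 16384
ORDER BY c.castcontext = 'i' DESC,          -- implicit casts first
         source_type, target_type;

-- Built-in types no longer owned by the bootstrap superuser, e.g. after a
-- script like the one above was run by a superuser and did not restore
-- the owner (OID 10 is an assumption that holds for stock builds).
SELECT t.typname,
       pg_get_userbyid(t.typowner) AS current_owner
FROM pg_type t
WHERE t.typnamespace = 'pg_catalog'::regnamespace
  AND t.typowner <> 10
ORDER BY t.typname;
```

Both queries only read the system catalogs, so any role that can connect to the database can run them.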