Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
| От | Tom Lane |
|---|---|
| Тема | Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe |
| Дата | |
| Msg-id | 24862.1207000008@sss.pgh.pa.us обсуждение |
| Ответ на | BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe ("Lars Olson" <leolson1@uiuc.edu>) |
| Ответы |
Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
|
| Список | pgsql-bugs |
"Lars Olson" <leolson1@uiuc.edu> writes:
> Creating a view that depends on the value of SESSION_USER enables a
> minimally-privileged user to write a user-defined function that contains a
> trojan-horse to get arbitrary data from the base table.
This example proves nothing except that you shouldn't execute untrusted
code --- Carol gave up her data by willingly executing Bob's function.
I don't think that the use of SESSION_USER is particularly to blame.
There are certainly any number of other ways Bob could have abused
her trust here.
> This is highly related to a paper I am preparing for a security conference
> that I am submitting in two weeks. Sorry about the short notice, I only
> just thought of this problem yesterday. I would like to use this as an
> example in my paper, but I will not do so without PostgreSQL's permission.
> Please advise.
If this were a security issue, you already spilled the beans by
reporting it to a public mailing list; so I'm unsure what you are
concerned about.
regards, tom lane
В списке pgsql-bugs по дате отправления: