Incorrect description of the WITH CHECK in the row security can lead to the security issue

Поиск
Список
Период
Сортировка
От Олег Самойлов
Тема Incorrect description of the WITH CHECK in the row security can lead to the security issue
Дата
Msg-id 3298321532002010@sas1-2b3c3045b736.qloud-c.yandex.net
обсуждение исходный текст
Ответы Re: Incorrect description of the WITH CHECK in the row security can lead to the security issue
Список pgsql-general
Дерево обсуждения 
Hi all. This is a documentation issue, I already sent to pgsql-docs, but there is not reply.

https://www.postgresql.org/message-id/152637961531.27212.188002690528452126@wrigleys.postgresql.org

I'll try here. 

PostgreSQL 10 (in 11 the same
https://www.postgresql.org/docs/10/static/ddl-rowsecurity.html

cite
To use a different policy for rows that are being added to the table
compared to those rows that are visible, the WITH CHECK clause can be used.
This policy would allow all users to view all rows in the users table, but
only modify their own:

CREATE POLICY user_policy ON users
    USING (true)
    WITH CHECK (user_name = current_user);
end cite

This is is wrong description. Every one can steal other row with such
policy. Lets demonstrate.

You are now connected to database "olleg" as user "olleg".
olleg(at)[local]:9700/olleg
=> create table users (user_name text primary key, description text);
CREATE TABLE
olleg(at)[local]:9700/olleg
=> ALTER TABLE users ENABLE ROW LEVEL SECURITY;
ALTER TABLE
olleg(at)[local]:9700/olleg
=> grant all on users to public;
GRANT
=> CREATE POLICY user_policy ON users
->     USING (true)
->     WITH CHECK (user_name = current_user);
CREATE POLICY
olleg(at)[local]:9700/olleg
=> insert into users (user_name) values ('olleg');
INSERT 0 1
olleg(at)[local]:9700/olleg
=> set role postgres;
SET
olleg(at)[local]:9700/olleg
=# create user test with password 'test' login;
CREATE ROLE
=# \c olleg test localhost 9700
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384,
bits: 256, compression: off)
You are now connected to database "olleg" as user "test" on host "localhost"
at port "9700".
test(at)localhost:9700/olleg
=> select * from users;
 user_name | description 
-----------+-------------
 olleg     | 
(1 row)

test(at)localhost:9700/olleg
=> update users set user_name='test', description='a rude hack';
UPDATE 1
test(at)localhost:9700/olleg
=> select * from users;
 user_name | description 
-----------+-------------
 test      | a rude hack
(1 row)

The right statement to not allow modify rows by other user will be

CREATE POLICY user_policy ON users
    USING (user_name = current_user)
    WITH CHECK (user_name = current_user);
end cite

В списке pgsql-general по дате отправления:

Предыдущее
От: Raghavendra Rao J S V
Дата:
Сообщение: Re: Is it ok to run vacuum full verbose command for live database for the tables which has more dead tuples?
Следующее
От: Torsten Förtsch
Дата:
Сообщение: functions with side effect