Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
| От | David G. Johnston |
|---|---|
| Тема | Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them |
| Дата | |
| Msg-id | CAKFQuwYBMQLHFxu1NnwstVviELp-dwR9Ei7QWpXAHX_J9g6LMQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | pg18: Virtual generated columns are not (yet) safe when superuser selects from them (Feike Steenbergen <feikesteenbergen@gmail.com>) |
| Список | pgsql-hackers |
On Saturday, May 24, 2025, jian he <jian.universality@gmail.com> wrote:
On Sat, May 24, 2025 at 2:39 PM Feike Steenbergen
<feikesteenbergen@gmail.com> wrote:
>
> The loophole is this:
>
> - the generated virtual column can use a user-defined function
> - when running SELECT against that column by a superuser
> the function is called within the context of a superuser
> - this in turn allows the regular user to run any code within
> the context of superuser
sorry, I am not fully sure what this means.
a minimum sql reproducer would be great.
This is same complaint being made against “security invoker” triggers existing/being the default. Or the general risk in higher privileged users running security invoker functions written by lesser privileged users.
The features conform to our existing security model design. Discussions are happening as pertains to that model and the OP should chime in there to contribute to the overall position of the project and not relegate the complaint to any one particular feature.
David J.
В списке pgsql-hackers по дате отправления: