CREATE CONSTRAINT TRIGGER appears to be a security hole
От | Peter Eisentraut |
---|---|
Тема | CREATE CONSTRAINT TRIGGER appears to be a security hole |
Дата | |
Msg-id | Pine.LNX.4.44.0208141832360.20055-100000@localhost.localdomain обсуждение исходный текст |
Ответы |
Re: CREATE CONSTRAINT TRIGGER appears to be a security hole
|
Список | pgsql-hackers |
While the REFERENCES privilege controls who can create foreign keys referring to one's tables, it seems you can evade it by using CREATE CONSTRAINT TRIGGER directly. This is the "slave" portion of a FK constraint I got from pg_dump: CREATE CONSTRAINT TRIGGER "$1" AFTER INSERT OR UPDATE ON "slave" FROM master NOT DEFERRABLE INITIALLY IMMEDIATE FOREACH ROW EXECUTE PROCEDURE "RI_FKey_check_ins" ('$1', 'slave', 'master', 'UNSPECIFIED', 'x', 'a'); To create this you only need to have a privilege on "slave", but it creates a fully functional way to "query" the primary key of the master table by brute force, and probably also to lock the table up, although I haven't checked that. It seems we need to check the privilege on the table mentioned in the FROM "foo" clause as well. Is that correct and sufficient? -- Peter Eisentraut peter_e@gmx.net
В списке pgsql-hackers по дате отправления: