Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- From: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>
- To: Lars Olson <leolson1(at)uiuc(dot)edu>
- Cc: pgsql-bugs(at)postgresql(dot)org
- Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Date: Mon, 31 Mar 2008 22:36:54 +0100
- Message-id: <47F15976.50007@enterprisedb.com> <text/plain>
Lars Olson wrote:
Creating a view that depends on the value of SESSION_USER enables a minimally-privileged user to write a user-defined function that contains a trojan-horse to get arbitrary data from the base table. Using CURRENT_USER instead still enables a similar vulnerability. To reproduce the problem, create three users, alice (base table owner), bob (attacker), and carol (other minimally-privileged user). As Alice, create the following table and view: ...
This seems to be an instance of the general trojan-horse problem discussed here:
http://archives.postgresql.org/pgsql-hackers/2008-01/msg00268.phpIn a nutshell, it's just not safe to access a view or function owned by a user you don't trust. :-(
-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com
- References:
- Prev by Date: Re: BUG #4073: ERROR: invalid input syntax for type timestamp: "Sat Mar 29 04:47:06 WEST 2008"
- Next by Date: Re: BUG #4073: ERROR: invalid input syntax for type timestamp: "Sat Mar 29 04:47:06 WEST 2008"
- Previous by thread: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Next by thread: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Indexes: