Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: "Lars Olson" <leolson1(at)uiuc(dot)edu>
- Cc: pgsql-bugs(at)postgresql(dot)org
- Subject: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Date: Mon, 31 Mar 2008 17:46:48 -0400
- Message-id: <24862.1207000008@sss.pgh.pa.us> <text/plain>
"Lars Olson" <leolson1(at)uiuc(dot)edu> writes: > Creating a view that depends on the value of SESSION_USER enables a > minimally-privileged user to write a user-defined function that contains a > trojan-horse to get arbitrary data from the base table. This example proves nothing except that you shouldn't execute untrusted code --- Carol gave up her data by willingly executing Bob's function. I don't think that the use of SESSION_USER is particularly to blame. There are certainly any number of other ways Bob could have abused her trust here. > This is highly related to a paper I am preparing for a security conference > that I am submitting in two weeks. Sorry about the short notice, I only > just thought of this problem yesterday. I would like to use this as an > example in my paper, but I will not do so without PostgreSQL's permission. > Please advise. If this were a security issue, you already spilled the beans by reporting it to a public mailing list; so I'm unsure what you are concerned about. regards, tom lane
- Follow-Ups:
- References:
- Prev by Date: Re: BUG #4073: ERROR: invalid input syntax for type timestamp: "Sat Mar 29 04:47:06 WEST 2008"
- Next by Date: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Previous by thread: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Next by thread: Re: BUG #4074: Using SESSION_USER or CURRENT_USER in a view definition is unsafe
- Indexes: