Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view

Поиск
Список
Период
Сортировка
От Laurenz Albe
Тема Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
Дата
Msg-id 09970dbb6f95a34d9427c32b09517ea709c77d02.camel@cybertec.at
обсуждение исходный текст
Ответ на Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view  (Maxim Boguk <maxim.boguk@gmail.com>)
Ответы Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view  (Bruce Momjian <bruce@momjian.us>)
Список pgsql-bugs
Дерево обсуждения 
On Tue, 2024-03-12 at 12:40 +0200, Maxim Boguk wrote:
> May I suggest a change to always allow superuser run
> REFRESH MATERIALIZED VIEW (may be via set role or similar mechanics)?

If the query ran with superuser permissions, that would be
a security problem:

  CREATE TABLE log (t text);

  CREATE FUNCTION f() RETURNS integer LANGUAGE sql
     AS 'INSERT INTO log VALUES (''x''); SELECT 42';

  CREATE MATERIALIZED VIEW v AS SELECT f();

Now imagine you create a malicious trigger on "log" and
get a superuser to refresh the materialized view.


I don't see why it should be a problem if a superuser gets
"permission denied" in such a case.  They can also get it if
they call a SECURITY DEFINER function owned by a non-superuser.

Yours,
Laurenz Albe

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Maxim Boguk
Дата:
Сообщение: Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
Следующее
От: "Wetmore, Matthew (CTR)"
Дата:
Сообщение: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view