Re: Identifying user-created objects
| От | Fujii Masao |
|---|---|
| Тема | Re: Identifying user-created objects |
| Дата | |
| Msg-id | 736f286b-4725-99cb-c7de-be7eba215408@oss.nttdata.com обсуждение исходный текст |
| Ответ на | Identifying user-created objects (Masahiko Sawada <masahiko.sawada@2ndquadrant.com>) |
| Ответы |
Re: Identifying user-created objects
|
| Список | pgsql-hackers |
On 2020/02/05 20:26, Masahiko Sawada wrote: > Hi, > > User can create database objects such as functions into pg_catalog. > But if I'm not missing something, currently there is no > straightforward way to identify if the object is a user created object > or a system object which is created during initdb. If we can do that > user will be able to check if malicious functions are not created in > the database, which is important from the security perspective. The function that you are proposing is really enough for this use case? What if malicious users directly change the oid of function to < FirstNormalObjectId? Or you're assuming that malicious users will never log in as superuser and not be able to change the oid? Regards, -- Fujii Masao NTT DATA CORPORATION Advanced Platform Technology Group Research and Development Headquarters
В списке pgsql-hackers по дате отправления: