Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
От | Bruce Momjian |
---|---|
Тема | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view |
Дата | |
Msg-id | ZfHdeer_0QxksV5p@momjian.us обсуждение исходный текст |
Ответ на | Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view (Laurenz Albe <laurenz.albe@cybertec.at>) |
Ответы |
Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
|
Список | pgsql-bugs |
On Tue, Mar 12, 2024 at 01:22:33PM +0100, Laurenz Albe wrote: > On Tue, 2024-03-12 at 12:40 +0200, Maxim Boguk wrote: > > May I suggest a change to always allow superuser run > > REFRESH MATERIALIZED VIEW (may be via set role or similar mechanics)? > > If the query ran with superuser permissions, that would be > a security problem: > > CREATE TABLE log (t text); > > CREATE FUNCTION f() RETURNS integer LANGUAGE sql > AS 'INSERT INTO log VALUES (''x''); SELECT 42'; > > CREATE MATERIALIZED VIEW v AS SELECT f(); > > Now imagine you create a malicious trigger on "log" and > get a superuser to refresh the materialized view. > > > I don't see why it should be a problem if a superuser gets > "permission denied" in such a case. They can also get it if > they call a SECURITY DEFINER function owned by a non-superuser. Can we improve the error that superusers get so they realize how to fix it? -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.
В списке pgsql-bugs по дате отправления: