Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view

Поиск

Список

Период

Сортировка

От	Bruce Momjian
Тема	Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
Дата	13 марта 2024 г. 17:08:09
Msg-id	ZfHdeer_0QxksV5p@momjian.us обсуждение исходный текст
Ответ на	Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view (Laurenz Albe <laurenz.albe@cybertec.at>)
Ответы	Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view
Список	pgsql-bugs

Дерево обсуждения

On Tue, Mar 12, 2024 at 01:22:33PM +0100, Laurenz Albe wrote:
> On Tue, 2024-03-12 at 12:40 +0200, Maxim Boguk wrote:
> > May I suggest a change to always allow superuser run
> > REFRESH MATERIALIZED VIEW (may be via set role or similar mechanics)?
> 
> If the query ran with superuser permissions, that would be
> a security problem:
> 
>   CREATE TABLE log (t text);
> 
>   CREATE FUNCTION f() RETURNS integer LANGUAGE sql
>      AS 'INSERT INTO log VALUES (''x''); SELECT 42';
> 
>   CREATE MATERIALIZED VIEW v AS SELECT f();
> 
> Now imagine you create a malicious trigger on "log" and
> get a superuser to refresh the materialized view.
> 
> 
> I don't see why it should be a problem if a superuser gets
> "permission denied" in such a case.  They can also get it if
> they call a SECURITY DEFINER function owned by a non-superuser.

Can we improve the error that superusers get so they realize how to fix
it?

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.

В списке pgsql-bugs по дате отправления:

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Re: BUG #18387: Erroneous permission checks and/or misleading error messages with refresh materialized view