Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them - Mailing list pgsql-hackers

From Pavel Stehule
Subject Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
Msg-id CAFj8pRC0quqJr-eR5i1c40g+QpT4Tvr9MfZgF44Rt0q++3d6dQ@mail.gmail.com
In response to Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them  (Peter Eisentraut <peter@eisentraut.org>)
List pgsql-hackers


On Thu, Jun 5, 2025 at 12:49, Peter Eisentraut <peter@eisentraut.org> wrote:
> On 23.05.25 10:43, Feike Steenbergen wrote:
> > Attached is a sample exploit, that achieves this, key components:
> >
> > - the GENERATED column uses a user defined immutable function
> > - this immutable function cannot ALTER ROLE (needs volatile)
> > - therefore this immutable function calls a volatile function
> > - the volatile function can contain any security exploit
>
> I propose to address this by not allowing the use of user-defined
> functions in generation expressions for now.  The attached patch
> implements this.  This assumes that all built-in functions are
> trustworthy, for this purpose, which seems likely true and likely desirable.
>
> I think the feature is still useful like that, and this approach
> provides a path to add new functionality in the future that grows this
> set of allowed functions, for example by allowing some configurable set
> of "trusted" functions or whatever.

+1

Regards

Pavel
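
An audit query for the condition discussed in this message, added here as an example and not taken from the thread or from the attached patch: it lists virtual generated columns whose generation expression depends on a function that is not built in. It assumes the PostgreSQL 18 catalogs (`attgenerated = 'v'` for virtual columns, expression dependencies recorded against the `pg_attrdef` entry) and treats OIDs from 16384 upward as not built in.

```sql
-- Added example (not from the thread): find virtual generated columns
-- whose generation expression references a non-built-in function.
-- Assumptions: PostgreSQL 18 catalogs; OIDs >= 16384 are objects created
-- after initdb (this includes extension functions, not only ad hoc ones).
SELECT c.oid::regclass                  AS table_name,
       pg_get_userbyid(c.relowner)      AS table_owner,
       a.attname                        AS column_name,
       p.oid::regprocedure              AS function_used,
       pg_get_userbyid(p.proowner)      AS function_owner,
       p.provolatile                    AS declared_volatility, -- i/s/v
       p.prosecdef                      AS security_definer,
       pg_get_expr(d.adbin, d.adrelid)  AS generation_expr
FROM pg_attribute a
JOIN pg_class   c   ON c.oid = a.attrelid
JOIN pg_attrdef d   ON d.adrelid = a.attrelid
                   AND d.adnum   = a.attnum
-- Dependencies of the stored expression on functions it calls directly.
JOIN pg_depend  dep ON dep.classid    = 'pg_attrdef'::regclass
                   AND dep.objid      = d.oid
                   AND dep.refclassid = 'pg_proc'::regclass
JOIN pg_proc    p   ON p.oid = dep.refobjid
WHERE a.attgenerated = 'v'      -- virtual (computed on read), not stored
  AND NOT a.attisdropped
  AND p.oid >= 16384            -- not a built-in function
ORDER BY table_name, column_name;

-- Limits of this check:
--  * Only functions named directly in the expression are reported. A
--    function called from inside the body of a reported function (the
--    volatile callee in the report quoted above) has no catalog dependency
--    and must be found by reviewing that function's source (pg_proc.prosrc).
--  * declared_volatility is what the owner declared; it is not verified
--    against what the function body does.
--  * User-defined operators are recorded as dependencies on pg_operator,
--    not pg_proc, and are not covered by this query.
```

Run it in each database as a role that can read the catalogs; rows where `function_owner` is a different, less privileged role than the roles that select from the table are the ones to review first.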