Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
Date
Msg-id CAKFQuwYBMQLHFxu1NnwstVviELp-dwR9Ei7QWpXAHX_J9g6LMQ@mail.gmail.com
In response to pg18: Virtual generated columns are not (yet) safe when superuser selects from them  (Feike Steenbergen <feikesteenbergen@gmail.com>)
List pgsql-hackers
On Saturday, May 24, 2025, jian he <jian.universality@gmail.com> wrote:
> On Sat, May 24, 2025 at 2:39 PM Feike Steenbergen
> <feikesteenbergen@gmail.com> wrote:
> >
> > The loophole is this:
> >
> > - the generated virtual column can use a user-defined function
> > - when running SELECT against that column by a superuser
> >   the function is called within the context of a superuser
> > - this in turn allows the regular user to run any code within
> >   the context of superuser
>
> Sorry, I am not fully sure what this means.
> A minimum SQL reproducer would be great.

This is the same complaint being made against “security invoker” triggers existing/being the default.  Or the general risk in higher privileged users running security invoker functions written by lesser privileged users.

The features conform to our existing security model design.  Discussions are happening as pertains to that model and the OP should chime in there to contribute to the overall position of the project and not relegate the complaint to any one particular feature.

David J.
