Thread: Nasty security bug with clustering
No check is performed for being a superuser, the table owner or that it is a system table when marking an index for clustering:

usa=> alter table pg_class cluster on "pg_class_oid_index";
ALTER TABLE
usa=> select oid from pg_class where relname='pg_class_oid_index';
  oid
-------
 16613
(1 row)

usa=> select * from pg_index where indexrelid=16613;
 indexrelid | indrelid | indkey | indclass | indnatts | indisunique | indisprimary | indisclustered | indexprs | indpred
------------+----------+--------+----------+----------+-------------+--------------+----------------+----------+---------
      16613 |     1259 | -2     | 1989     |        1 | t           | f            | t              |          |
(1 row)

Note how I managed to mark as clustered an index on a system catalog as a non-superuser...

Chris
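One way to audit an installation for the state shown above, as an added example that is not part of the thread or of PostgreSQL's own code: the query below joins pg_index, pg_class and pg_namespace and lists every index marked clustered on a table in the pg_catalog schema, so a DBA can detect that a catalog index was marked without the expected ownership or superuser check. It assumes only standard catalog columns (pg_index.indisclustered, pg_class.relnamespace and relowner, pg_namespace.nspname); the table aliases are the example's own.

```sql
-- Added audit query (not from the thread): report indexes that carry the
-- indisclustered flag on tables living in pg_catalog. A stock installation
-- should return no rows, so any row is worth investigating.
SELECT n.nspname                               AS schema_name,
       t.relname                               AS table_name,
       ix.relname                              AS index_name,
       pg_catalog.pg_get_userbyid(t.relowner)  AS table_owner,
       i.indisclustered                        AS is_clustered
  FROM pg_catalog.pg_index     AS i
  JOIN pg_catalog.pg_class     AS t  ON t.oid  = i.indrelid   -- the table
  JOIN pg_catalog.pg_class     AS ix ON ix.oid = i.indexrelid -- the index
  JOIN pg_catalog.pg_namespace AS n  ON n.oid  = t.relnamespace
 WHERE i.indisclustered
   AND n.nspname = 'pg_catalog'
 ORDER BY t.relname, ix.relname;
```

Run against the session in the report, this returns one row for pg_class / pg_class_oid_index; the same query with the nspname filter dropped gives a full inventory of clustered indexes for comparison against what the table owners actually intended.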
> No check is performed for being a superuser, the table owner or that it
> is a system table when marking an index for clustering:

I'm about to submit my SET WITHOUT CLUSTER patch, so I'll fix this bug in that.

Chris
Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>> No check is performed for being a superuser, the table owner or that it
>> is a system table when marking an index for clustering:
> I'm about to submit my SET WITHOUT CLUSTER patch, so I'll fix this bug
> in that.

I'm in the middle of reviewing (read whacking around) Rod Taylor's patch for multiple operations in ALTER TABLE, so I'm afraid that no patch in the same area is likely to apply cleanly after the dust settles :-(

I had noted the lack of permissions checks in CLUSTER ON (it's fairly glaring in the reorganized code) and planned to fix it along with what I was doing.

regards, tom lane
> I'm in the middle of reviewing (read whacking around) Rod Taylor's patch
> for multiple operations in ALTER TABLE, so I'm afraid that no patch in
> the same area is likely to apply cleanly after the dust settles :-(

OK, Bruce - just ignore the patch I sent in. I'll refactor it after Tom commits.

Chris