Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.databases.postgresql > #850
| From | sten.unto@gmail.com (Unto Sten) |
|---|---|
| Newsgroups | comp.databases.postgresql |
| Subject | Re: plpgsql function SQL injection vulnerability? |
| Date | 2018-10-26 19:06 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <pqvoj7$bll$1@dont-email.me> (permalink) |
| References | <pqstfl$bse$1@dont-email.me> <1a45tdhtfu7cas9hm1em6hgqs47o0afa0v@4ax.com> <pqv2dp$pdn$1@dont-email.me> |
Laurenz Albe <laurenz@nospam.pn> wrote: > The function may be safe from SQL injection, but it is vulnerable to > privilege escalation attacks. > > The attacker could define a ~* operator in "his" schema, set search_path > to that schema and call the function to execute arbitrary code with > elevated privileges. > > That's why you should always define SECURITY DEFINER functions with > SET search_path=pg_catalog > and schema qualify all access to objects in other schemas. Now that information is very important. Thanks a lot for this tip! This code is not in production yet, and I will make sure to implement your additions. Whoa, I am glad I asked! Best regards, Unto Sten
Back to comp.databases.postgresql | Previous | Next — Previous in thread | Next in thread | Find similar
plpgsql function SQL injection vulnerability? sten.unto@gmail.com (Unto Sten) - 2018-10-25 17:11 +0000
Re: plpgsql function SQL injection vulnerability? George Neuner <gneuner2@comcast.net> - 2018-10-26 00:47 -0400
Re: plpgsql function SQL injection vulnerability? Laurenz Albe <laurenz@nospam.pn> - 2018-10-26 12:47 +0000
Re: plpgsql function SQL injection vulnerability? sten.unto@gmail.com (Unto Sten) - 2018-10-26 19:06 +0000
Re: plpgsql function SQL injection vulnerability? sten.unto@gmail.com (Unto Sten) - 2018-10-26 19:08 +0000
csiph-web