Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

Bruce Momjian <maillist@candle.pha.pa.us>

From: Bruce Momjian <maillist@candle.pha.pa.us>
To: Andreas.Zeugswetter@telecom.at (Zeugswetter Andreas SARZ)
Cc: jwieck@debis.com, pgsql-hackers@hub.org
Date: 1998-02-19T15:07:44Z
Lists: pgsql-hackers
Well, seeing as Jan is one of the rewrite/rules system experts, let's
ask him.

> 
> Okay    :-(
> 
> But: I think this is an error in the rewrite system. I think this query
> should get rewritten !
> Can we fix this ?
> 
> Andreas
> > ----------
> > Von: 	Jan Wieck[SMTP:jwieck@debis.com]
> > Antwort an: 	Jan Wieck
> > Gesendet: 	Donnerstag, 19. Februar 1998 15:53
> > An: 	Zeugswetter Andreas SARZ
> > Cc: 	pgsql-hackers@hub.org
> > Betreff: 	Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
> > 
> > >
> > > Hi all,
> > >
> > > What about:
> > > grant select on pg_user to public;
> > > create rule pg_user_hide_pw as on
> > > select to pg_user.passwd
> > > do instead select '********' as passwd;
> > >
> > > Then if I do:
> > > select * from pg_user;
> > > usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd
> > |valuntil
> > >
> > --------+--------+-----------+--------+--------+---------+--------+-------
> > --
> > > -------------------
> > > postgres|       6|t          |t       |t       |t        |********|Sat
> > Jan
> > > 31 07:00:00 2037 NFT
> > > zeus    |      60|t          |t       |f       |t        |********|
> > > (2 rows)
> > >
> > > Also the \d works for all users !
> > >
> > > Only "disadvantage" is that noone can read passwd without first dropping
> > the
> > > rule pg_user_hide_pw,
> > > I consider this a feature though ;-)
> > >
> > > Since the userauthentication bypasses the rewrite mechanism the logins,
> > > alter user .. and others do work !
> > >
> > > Can all of you try to crack this ?
> > 
> >     Cracked!
> > 
> >     create table get_passwds (usename name, passwd text);
> >     insert into get_passwds select usename, passwd from pg_user;
> >     select * from get_passwds;
> >     usename|passwd
> >     -------+------
> >     pgsql  |
> >     wieck  |test
> >     (2 rows)
> > 
> > 
> > 
> > Sorry, Jan
> > 
> > --
> > 
> > #======================================================================#
> > # It's easier to get forgiveness for being wrong than for being right. #
> > # Let's break this rule - forgive me.                                  #
> > #======================================== jwieck@debis.com (Jan Wieck) #
> > 
> > 
> > 
> 
> 


-- 
Bruce Momjian
maillist@candle.pha.pa.us