Thread

  1. AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

    Zeugswetter Andreas IZ5 <andreas.zeugswetter@telecom.at> — 1998-02-19T14:58:08Z

    Okay    :-(
    
    But: I think this is an error in the rewrite system. I think this query
    should get rewritten !
    Can we fix this ?
    
    Andreas
    > ----------
    > Von: 	Jan Wieck[SMTP:jwieck@debis.com]
    > Antwort an: 	Jan Wieck
    > Gesendet: 	Donnerstag, 19. Februar 1998 15:53
    > An: 	Zeugswetter Andreas SARZ
    > Cc: 	pgsql-hackers@hub.org
    > Betreff: 	Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
    > 
    > >
    > > Hi all,
    > >
    > > What about:
    > > grant select on pg_user to public;
    > > create rule pg_user_hide_pw as on
    > > select to pg_user.passwd
    > > do instead select '********' as passwd;
    > >
    > > Then if I do:
    > > select * from pg_user;
    > > usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd
    > |valuntil
    > >
    > --------+--------+-----------+--------+--------+---------+--------+-------
    > --
    > > -------------------
    > > postgres|       6|t          |t       |t       |t        |********|Sat
    > Jan
    > > 31 07:00:00 2037 NFT
    > > zeus    |      60|t          |t       |f       |t        |********|
    > > (2 rows)
    > >
    > > Also the \d works for all users !
    > >
    > > Only "disadvantage" is that noone can read passwd without first dropping
    > the
    > > rule pg_user_hide_pw,
    > > I consider this a feature though ;-)
    > >
    > > Since the userauthentication bypasses the rewrite mechanism the logins,
    > > alter user .. and others do work !
    > >
    > > Can all of you try to crack this ?
    > 
    >     Cracked!
    > 
    >     create table get_passwds (usename name, passwd text);
    >     insert into get_passwds select usename, passwd from pg_user;
    >     select * from get_passwds;
    >     usename|passwd
    >     -------+------
    >     pgsql  |
    >     wieck  |test
    >     (2 rows)
    > 
    > 
    > 
    > Sorry, Jan
    > 
    > --
    > 
    > #======================================================================#
    > # It's easier to get forgiveness for being wrong than for being right. #
    > # Let's break this rule - forgive me.                                  #
    > #======================================== jwieck@debis.com (Jan Wieck) #
    > 
    > 
    > 
    
    
  2. Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

    Bruce Momjian <maillist@candle.pha.pa.us> — 1998-02-19T15:07:44Z

    Well, seeing as Jan is one of the rewrite/rules system experts, let's
    ask him.
    
    > 
    > Okay    :-(
    > 
    > But: I think this is an error in the rewrite system. I think this query
    > should get rewritten !
    > Can we fix this ?
    > 
    > Andreas
    > > ----------
    > > Von: 	Jan Wieck[SMTP:jwieck@debis.com]
    > > Antwort an: 	Jan Wieck
    > > Gesendet: 	Donnerstag, 19. Februar 1998 15:53
    > > An: 	Zeugswetter Andreas SARZ
    > > Cc: 	pgsql-hackers@hub.org
    > > Betreff: 	Re: [HACKERS] Solution to the pg_user passwd problem !?? (c)
    > > 
    > > >
    > > > Hi all,
    > > >
    > > > What about:
    > > > grant select on pg_user to public;
    > > > create rule pg_user_hide_pw as on
    > > > select to pg_user.passwd
    > > > do instead select '********' as passwd;
    > > >
    > > > Then if I do:
    > > > select * from pg_user;
    > > > usename |usesysid|usecreatedb|usetrace|usesuper|usecatupd|passwd
    > > |valuntil
    > > >
    > > --------+--------+-----------+--------+--------+---------+--------+-------
    > > --
    > > > -------------------
    > > > postgres|       6|t          |t       |t       |t        |********|Sat
    > > Jan
    > > > 31 07:00:00 2037 NFT
    > > > zeus    |      60|t          |t       |f       |t        |********|
    > > > (2 rows)
    > > >
    > > > Also the \d works for all users !
    > > >
    > > > Only "disadvantage" is that noone can read passwd without first dropping
    > > the
    > > > rule pg_user_hide_pw,
    > > > I consider this a feature though ;-)
    > > >
    > > > Since the userauthentication bypasses the rewrite mechanism the logins,
    > > > alter user .. and others do work !
    > > >
    > > > Can all of you try to crack this ?
    > > 
    > >     Cracked!
    > > 
    > >     create table get_passwds (usename name, passwd text);
    > >     insert into get_passwds select usename, passwd from pg_user;
    > >     select * from get_passwds;
    > >     usename|passwd
    > >     -------+------
    > >     pgsql  |
    > >     wieck  |test
    > >     (2 rows)
    > > 
    > > 
    > > 
    > > Sorry, Jan
    > > 
    > > --
    > > 
    > > #======================================================================#
    > > # It's easier to get forgiveness for being wrong than for being right. #
    > > # Let's break this rule - forgive me.                                  #
    > > #======================================== jwieck@debis.com (Jan Wieck) #
    > > 
    > > 
    > > 
    > 
    > 
    
    
    -- 
    Bruce Momjian
    maillist@candle.pha.pa.us
    
    
  3. Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

    Jan Wieck <jwieck@debis.com> — 1998-02-19T15:48:40Z

    Andreas wrote:
    >
    > Okay    :-(
    >
    > But: I think this is an error in the rewrite system. I think this query
    > should get rewritten !
    > Can we fix this ?
    >
    > > > Can all of you try to crack this ?
    > >
    > >     Cracked!
    > >
    > >     create table get_passwds (usename name, passwd text);
    > >     insert into get_passwds select usename, passwd from pg_user;
    > >     select * from get_passwds;
    > >     usename|passwd
    > >     -------+------
    > >     pgsql  |
    > >     wieck  |test
    > >     (2 rows)
    
        Right  -  it's  an  error in the rewrite system. The retrieve
        (SELECT) rule rewriting is only done if the  command  in  the
        query  is  a  SELECT.  But  this  time it's an INSERT and the
        rewrite system only looks for rules on  the  result  relation
        (as  far  as I understood the coding). It doesn't process the
        complete rangetable and no rewriting is done at all.
    
        As a side effect it is also impossible to
    
        INSERT INTO tab SELECT anything FROM view;
    
        And this should really get fixed. I'll take a deep breath and
        then a look at it. But that will take some time.
    
    
    Until later, Jan
    
    --
    
    #======================================================================#
    # It's easier to get forgiveness for being wrong than for being right. #
    # Let's break this rule - forgive me.                                  #
    #======================================== jwieck@debis.com (Jan Wieck) #