Re: pg18: Virtual generated columns are not (yet) safe when superuser selects from them
Feike Steenbergen <feikesteenbergen@gmail.com>
From: Feike Steenbergen <feikesteenbergen@gmail.com>
To: jian he <jian.universality@gmail.com>
Cc: PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2025-05-24T06:38:50Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Restrict virtual columns to use built-in functions and types
- 0cd69b3d7ef3 18.0 landed
-
Fix virtual generated column type checking for ALTER TABLE
- 49fe1c83ecf3 18.0 landed
-
Expand virtual generated columns in the planner
- 1e4351af329f 18.0 cited
On Fri, 23 May 2025 at 14:48, jian he <jian.universality@gmail.com> wrote: > when you mark it as IMMUTABLE, postgres think it's IMMUTABLE, but in this case > exploit_generated.exploit(i int) clearly is not an IMMUTABLE function. > > Only IMMUTABLE functions are allowed in generated expressions, > but you can still misuse it by wrongly tagging the function as IMMUTABLE. Yeah, I'm quite aware that the pattern used in the example isn't what one *should* be doing. However, the problem with the exploit that it *could* be done this way. The loophole is this: - the generated virtual column can use a user-defined function - when running SELECT against that column by a superuser the function is called within the context of a superuser - this in turn allows the regular user to run any code within the context of superuser