Commit 515ee4a

Document clashes between logical replication and untrusted users.

Back-patch to v10, which introduced logical replication.

Security: CVE-2020-14349

1 parent 64a7106 commit 515ee4a


1 file changed: +19 -3 lines changed


doc/src/sgml/logical-replication.sgml

Lines changed: 19 additions & 3 deletions
@@ -502,11 +502,27 @@
502502
<sect1 id="logical-replication-security">
503503
<title>Security</title>
504504

505+
<para>
506+
A user able to modify the schema of subscriber-side tables can execute
507+
arbitrary code as a superuser. Limit ownership
508+
and <literal>TRIGGER</literal> privilege on such tables to roles that
509+
superusers trust. Moreover, if untrusted users can create tables, use only
510+
publications that list tables explicitly. That is to say, create a
511+
subscription <literal>FOR ALL TABLES</literal> only when superusers trust
512+
every user permitted to create a non-temp table on the publisher or the
513+
subscriber.
514+
</para>
515+
505516
<para>
506517
The role used for the replication connection must have
507-
the <literal>REPLICATION</literal> attribute (or be a superuser). Access for the role must be
508-
configured in <filename>pg_hba.conf</filename> and it must have the
509-
<literal>LOGIN</literal> attribute.
518+
the <literal>REPLICATION</literal> attribute (or be a superuser). If the
519+
role lacks <literal>SUPERUSER</literal> and <literal>BYPASSRLS</literal>,
520+
publisher row security policies can execute. If the role does not trust
521+
all table owners, include <literal>options=-crow_security=off</literal> in
522+
the connection string; if a table owner then adds a row security policy,
523+
that setting will cause replication to halt rather than execute the policy.
524+
Access for the role must be configured in <filename>pg_hba.conf</filename>
525+
and it must have the <literal>LOGIN</literal> attribute.
510526
</para>
511527

512528
<para>
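Review bot: In the first added paragraph, `FOR ALL TABLES` is a clause of CREATE PUBLICATION rather than CREATE SUBSCRIPTION, so "create a subscription FOR ALL TABLES" reads as if the subscription syntax carried that option; consider "subscribe to a publication defined FOR ALL TABLES only when superusers trust ...", which also ties the sentence back to the preceding advice to use only publications that list tables explicitly. In the second paragraph, "If the role does not trust all table owners" would be clearer as "all publisher-side table owners", since the policies that can execute are the publisher's row security policies and the `options=-crow_security=off` setting in the connection string takes effect on that publisher session, where those policies would otherwise be evaluated.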
