STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide, Version 2, Release 1, Benchmark Date: 23 Oct 2020

Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.

DISA Rule

SV-213618r508024_rule

Vulnerability Number

V-213618

Group Title

SRG-APP-000342-DB-000302

Rule Version

PPS9-00-007500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine where, when, how, and by what principals/subjects elevated privilege is needed.

Modify the system and the application(s) using the database to ensure privilege elevation is used only as required.

To alter a function to use SECURITY INVOKER instead of SECURITY DEFINER, execute the following SQL:

ALTER FUNCTION <function()> SECURITY INVOKER;

Check Contents

Review the system documentation and source code of the application(s) using the database.

If elevation of DBMS privileges is used but not documented, this is a finding.

If elevation of DBMS privileges is documented but not implemented as described in the documentation, this is a finding.

If the privilege-elevation logic can be invoked in ways other than intended, in contexts other than intended, or by subjects/principals other than intended, this is a finding.

Execute the following SQL to find any SECURITY DEFINER functions (meaning they are executed as owner rather than invoker):

select proname from pg_proc where prosecdef = true;

If any of these functions should not be SECURITY DEFINER, this is a finding.
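The following is an added example, not part of the STIG text or of STIGQter, that ties the Fix Recommendation and the Check Contents together. It builds a small constructed schema (the names app, audit_log, audit_insert and audit_count are assumed), runs the check query from the STIG extended with schema, owner and argument signature so that the reviewer can compare each row against the system documentation, and then applies the ALTER FUNCTION fix to a function whose elevation is not needed. The catalogs used (pg_proc, pg_namespace, pg_get_function_identity_arguments, pg_get_userbyid) are standard PostgreSQL catalogs that EDB Postgres Advanced Server also provides.

```sql
-- Added example (not from the STIG or STIGQter). Schema and function names
-- below are constructed for illustration.

-- Constructed sample: one SECURITY DEFINER function (runs with the owner's
-- privileges) and one SECURITY INVOKER function (runs with the caller's).
CREATE SCHEMA IF NOT EXISTS app;
CREATE TABLE IF NOT EXISTS app.audit_log (id serial PRIMARY KEY, msg text);

CREATE OR REPLACE FUNCTION app.audit_insert(p_msg text) RETURNS void
LANGUAGE sql SECURITY DEFINER AS $$
  INSERT INTO app.audit_log (msg) VALUES (p_msg);
$$;

CREATE OR REPLACE FUNCTION app.audit_count() RETURNS bigint
LANGUAGE sql SECURITY INVOKER AS $$
  SELECT count(*) FROM app.audit_log;
$$;

-- Check: the STIG query (prosecdef = true), extended with the schema, owner
-- and identity arguments of each function, and restricted to non-system
-- schemas so only application-owned functions appear. Every row returned
-- must be matched against the documented list of required elevations;
-- any row that is not documented, or is not needed, is a finding.
SELECT n.nspname                                 AS schema,
       p.proname                                 AS function,
       pg_get_function_identity_arguments(p.oid) AS args,
       pg_get_userbyid(p.proowner)               AS owner
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  p.prosecdef
AND    n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER  BY 1, 2;
-- With the constructed sample this returns one row:
--   app | audit_insert | p_msg text | <function owner>

-- Fix: the elevation is not required here, so switch the function to
-- SECURITY INVOKER. Passing the argument types selects the correct
-- overload when several functions share a name.
ALTER FUNCTION app.audit_insert(text) SECURITY INVOKER;

-- Re-running the check query now returns no rows for the app schema.
```

For a function that must remain SECURITY DEFINER, record it in the system documentation so the first two check conditions are met, and follow the PostgreSQL documentation's guidance for such functions: fix its search_path with `ALTER FUNCTION ... SET search_path = ...` and revoke EXECUTE from PUBLIC so it can only be invoked by the intended principals, which addresses the third check condition.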

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3988

Comments