SV-233543r617333_rule
V-233543
SRG-APP-000342-DB-000302
CD12-00-003600
CAT II
10
Determine where, when, how, and by what principals/subjects elevated privilege is needed.
To change a SECURITY DEFINER function to SECURITY INVOKER, as the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "ALTER FUNCTION <function_name> SECURITY INVOKER"
Functions in PostgreSQL can be created with the SECURITY DEFINER option. When a user executes a SECURITY DEFINER function, the function runs with the privileges of the user who created it.
To list all functions that have SECURITY DEFINER, as the DBA (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SELECT nspname, proname, proargtypes, prosecdef, rolname, proconfig FROM pg_proc p JOIN pg_namespace n ON p.pronamespace = n.oid JOIN pg_authid a ON a.oid = p.proowner WHERE prosecdef OR NOT proconfig IS NULL"
In the query results, a prosecdef value of "t" on a row indicates that the function uses privilege elevation.
If elevation of PostgreSQL privileges is utilized but not documented, this is a finding.
If elevation of PostgreSQL privileges is documented, but not implemented as described in the documentation, this is a finding.
If the privilege-elevation logic can be invoked in ways other than intended, or in contexts other than intended, or by subjects/principals other than intended, this is a finding.
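To help answer the last question (which subjects can invoke the elevated logic), the following query is an added example and is not part of the STIG check text. It uses only standard PostgreSQL catalog functions and lists, for each SECURITY DEFINER function, the owner whose privileges it runs with and the roles that currently hold EXECUTE on it; the column aliases are chosen here for illustration.

```sql
-- Added example: who can call each SECURITY DEFINER function?
-- Run as the DBA, e.g. psql -f <file> after "sudo su - postgres".
SELECT n.nspname                                  AS schema_name,
       p.proname                                  AS function_name,
       -- Argument list that, with the name, uniquely identifies the function
       -- (usable directly in ALTER FUNCTION ... SECURITY INVOKER).
       pg_get_function_identity_arguments(p.oid)  AS arguments,
       -- The function executes with this role's privileges.
       pg_get_userbyid(p.proowner)                AS runs_as,
       -- Per-function settings, as in the check query above.
       p.proconfig                                AS settings,
       -- True when EXECUTE is granted to the PUBLIC pseudo-role,
       -- i.e. every role in the cluster can call the function.
       has_function_privilege('public', p.oid, 'EXECUTE')
                                                  AS public_can_execute,
       -- Non-superuser roles other than the owner that can call it,
       -- whether through a direct grant, role membership, or PUBLIC.
       ARRAY(
           SELECT r.rolname
           FROM pg_roles r
           WHERE NOT r.rolsuper
             AND r.oid <> p.proowner
             AND has_function_privilege(r.oid, p.oid, 'EXECUTE')
           ORDER BY r.rolname
       )                                          AS other_callers
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE p.prosecdef
ORDER BY schema_name, function_name, arguments;
```

Compare public_can_execute and other_callers against the documented list of intended callers; any role not in the documentation corresponds to the third finding condition above.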
False
M
5254