
The Search Path

The ISOK_QUERIES.Search_Path column allows the search_path to be set on a per-query basis. The security implications of changing the search_path may be the hardest to reason through. The crux of the problem is that different users may have different permissions on the search path's schemas, and on the objects those schemas contain. This opens up the possibility that a malicious user may create an object, say, a view or a function, in a schema that appears earlier in the search path than the schema holding the object the query expects to find. If this is the case, the query will use the malicious object instead of the expected object.

The PostgreSQL documentation contains an analysis of this situation, in the context of writing SECURITY DEFINER functions. However, that analysis is not entirely applicable to Isok. In the case of Isok, even when Isok changes the effective role, the position in the search path of the temporary table schema, pg_temp, is less relevant. Because temporary tables are not shared between connections, a malicious object in the temporary schema must be created in the current connection, and so the issue is no different from that which occurs when any other malicious object is created in the current connection. In either case, there is a security lapse that occurs dynamically, at some point in the current connection.

Having said that, moving pg_temp to the end of the search path does make it harder to mask an existing object with a malicious object. Because all roles have permission to create objects in pg_temp, a malicious actor would not be able to mask an existing object with an object in pg_temp if pg_temp is at the end of the search path. For this reason it may make sense to always put pg_temp at the end of the search path whenever Isok is used.

The PostgreSQL documentation's observation remains valid: malicious users with the ability to change objects in the search path may inject malicious objects.
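
The masking described above, and the effect of listing pg_temp last, shown in plain PostgreSQL as an added example that is not part of the Isok documentation or code. The schema, table and view names (app, scratch, accounts) are constructed for the demonstration, and everything runs in one transaction that is rolled back.

```sql
-- Added demonstration; app, scratch and accounts are constructed names.
BEGIN;

CREATE SCHEMA app;      -- holds the object the query expects to find
CREATE SCHEMA scratch;  -- stands in for a schema a less-trusted role can write to

CREATE TABLE app.accounts (id int, balance numeric);

-- A same-named object placed in the schema that will come first in the path.
CREATE VIEW scratch.accounts AS
    SELECT 1 AS id, 0::numeric AS balance;

-- 1. scratch precedes app, so the unqualified name resolves to the view.
SET LOCAL search_path = scratch, app;
SELECT relnamespace::regnamespace AS resolved_schema, relkind
  FROM pg_class
 WHERE oid = 'accounts'::regclass;

-- 2. pg_temp is not listed. PostgreSQL then searches it first for relations,
--    so a temporary table created in this connection masks app.accounts.
SET LOCAL search_path = app;
CREATE TEMP TABLE accounts (id int, balance numeric);
SELECT relnamespace::regnamespace AS resolved_schema, relkind
  FROM pg_class
 WHERE oid = 'accounts'::regclass;

-- 3. pg_temp is listed last. app is searched before the temporary schema,
--    so the unqualified name resolves to app.accounts again.
SET LOCAL search_path = app, pg_temp;
SELECT relnamespace::regnamespace AS resolved_schema, relkind
  FROM pg_class
 WHERE oid = 'accounts'::regclass;

ROLLBACK;
```

The temporary schema is searched only for relation and data type names; PostgreSQL never searches it for function or operator names.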


Page generated: 2025-06-02T23:29:41-05:00.