V-233614
Crunchy Data PostgreSQL Security Technical Implementation Guide
Title
PostgreSQL must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Description
<VulnDiscussion>Preventing non-privileged users from executing privileged functions mitigates the risk that unauthorized individuals or processes may gain unnecessary access to information or privileges. System documentation should include a definition of the functionality considered privileged. Depending on circumstances, privileged functions can include, for example, establishing accounts, performing system integrity checks, or administering cryptographic key management activities. Non-priv...
Fix Text (Documentation Requirement)
Configure PostgreSQL security to protect all privileged functionality. If pl/R and pl/Python are used, document their intended use, document users that have access to pl/R and pl/Python, as well as their business use case, such as data-analytics or data-mining. Because of the risks associated with using pl/R and pl/Python, their use must have AO risk acceptance. To remove unwanted extensions, use: DROP EXTENSION <extension_name> To remove unwanted privileges from a role, use the REVOKE command. See the PostgreSQL documentation for more details: http://www.postgresql.org/docs/current/static/sql-revoke.html.