Home > mailing lists

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

From	Laurenz Albe
Subject	Re: Wrong security context for deferred triggers?
Date	November 6, 2023 23:00:43
Msg-id	05225cbe3f8b60dcce8b8eca61d06f0953762d41.camel@cybertec.at Whole thread Raw
In response to	Re: Wrong security context for deferred triggers? (Tomas Vondra <tomas.vondra@enterprisedb.com>)
List	pgsql-hackers

Tree view

On Mon, 2023-11-06 at 18:29 +0100, Tomas Vondra wrote:
> On 11/6/23 14:23, Laurenz Albe wrote:
> > This behavior looks buggy to me.  What do you think?
> > I cannot imagine that it is a security problem, though.
>
> How could code getting executed under the wrong role not be a security
> issue? Also, does this affect just the role, or are there some other
> settings that may unexpectedly change (e.g. search_path)?

Perhaps it is a security issue, and I am just lacking imagination.

Yes, changes to "search_path" should also have an effect.

Yours,
Laurenz Albe

pgsql-hackers by date:

From: Nazir Bilal Yavuz
Date: 06 November 2023, 22:28:14
Subject: Re: Adding facility for injection points (or probe points?) for more advanced tests

From: Isaac Morland
Date: 06 November 2023, 23:31:58
Subject: Re: Fix search_path for all maintenance commands

Re: Wrong security context for deferred triggers? - Mailing list pgsql-hackers

Previous

Next