Re: about the RULE system - Mailing list pgsql-general

From Rafal Pietrak
Subject Re: about the RULE system
Date
Msg-id 1166045816.27564.71.camel@zorro.isa-geek.com
Whole thread Raw
In response to Re: about the RULE system  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: about the RULE system
List pgsql-general
On Wed, 2006-12-13 at 14:01 -0500, Tom Lane wrote:
> Rafal Pietrak <rafal@zorro.isa-geek.com> writes:
> > I thought trigger functions execute at root/postgres security level?
>
> No.  You probably want to make that function SECURITY DEFINER so it
> executes as the owner, but this isn't default for triggers.

Hmmm. Have checked it, and it does not look promissing.

Obviously, when I define function with "SECURITY DEFINER" I need to
limit access to that function. But....

"REVOKE ALL ON FUNCTION piti() FROM PUBLIC"

Doe not seam to have any effect on functions installed as a trigger.

I have just checked it, and my 'common user' is able to "INSERT INTO
debi (id,name) VALUES (22, 'jklsdf')" after the above REVOKE.

How do I limit access to such function?

Even worse, my 'common user' was able to CREATE TEMPORARY TABLE, and
install that function on that table, although "PUBLIC.SCHEMA" is
available for USAGE only for those users. I generally accept 'common
user' to have the ability to create temporary tables, but the takeover
trigger function designed to other purposes AND DEFINED with "security
definer" is not really acceptable.

How can I limit that sort of missuse?
--
-R

pgsql-general by date:

Previous
From: Martijn van Oosterhout
Date:
Subject: Re: a question for the way-back machine
Next
From: Scott Marlowe
Date:
Subject: Re: about the RULE system