Home > mailing lists

Re: Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716)
Date	July 31, 2014 00:20:36
Msg-id	14211.1406755225@sss.pgh.pa.us Whole thread Raw
In response to	Re: Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716) (Bruce Momjian <bruce@momjian.us>)
List	pgsql-hackers

Tree view

Bruce Momjian <bruce@momjian.us> writes:
> On Wed, Jul 16, 2014 at 07:45:56PM -0400, Tom Lane wrote:
>> I think we should get rid of the separate TRIGGER privilege altogether,
>> not make it an even bigger security hole.

> Uh, how does removing a trigger cause a larger security hole?  As long
> as users can create triggers, removal seems logical.

It's bigger in the sense that you can not only add arbitrary actions,
but remove actions that the table owner intended to have happen.
For example, the ability to temporarily suppress entries in a logging
table (by dropping the trigger that makes them, and then putting the
trigger back later to cover one's tracks) could be of considerable use
to a black hat.
        regards, tom lane

pgsql-hackers by date:

From: Bruce Momjian
Date: 31 July 2014, 00:18:04
Subject: Re: Making joins involving ctid work for the benefit of UPSERT

From: Thomas Munro
Date: 31 July 2014, 00:29:32
Subject: Re: SKIP LOCKED DATA (work in progress)

Re: Allow GRANT TRIGGER privilege to DROP TRIGGER (Re: Bug ##7716) - Mailing list pgsql-hackers

Previous

Next