Re: Security leak with trigger functions? - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Security leak with trigger functions?
Date
Msg-id 18cf4bff-0a1c-38de-e0c1-b8d16fb3c602@2ndquadrant.com
In response to Re: Security leak with trigger functions?  (Chapman Flack <chap@anastigmatix.net>)
List pgsql-hackers
On 1/22/18 16:04, Chapman Flack wrote:
>> PostgreSQL only allows a trigger action of "call this function", so in 
>> the SQL standard context that would mean we'd need to check the EXECUTE 
>> privilege of the owner of the trigger.  The trick is figuring out who 
>> the owner is.  If it's the owner of the table, then TRIGGER privilege 
>> is effectively total control over the owner of the table.  If it's 
>> whoever created the trigger, it might be useful, but I don't see how 
>> that is compatible with the intent of the SQL standard.
> 
> Hmm, it's been not quite a dozen years, have there been later threads
> that followed up on this discussion?

No, I don't think anything has changed here.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

