Home > mailing lists

Re: Delete cascade trigger runs security definer - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Delete cascade trigger runs security definer
Date	November 15, 2008 16:12:32
Msg-id	7474.1226769145@sss.pgh.pa.us Whole thread Raw
In response to	Re: Delete cascade trigger runs security definer (Dean Rasheed <dean_rasheed@hotmail.com>)
List	pgsql-general

Tree view

Dean Rasheed <dean_rasheed@hotmail.com> writes:
>> Referential integrity actions execute as the owner of the table, so
>> anything triggered by them would execute as the owner too.

> Hmm, that opens up a very nasty gotcha, as shown by the script
> below. What user1 does looks, at first sight, fairly innocuous.

Well, granting TRIGGER on one of your tables is never innocuous.
That gives the recipient the ability to arbitrarily interfere with
your use of the table, even without exploiting the fact that the
trigger runs as you when you operate on the table.

Possibly we ought to document the security risks a bit better.

            regards, tom lane

pgsql-general by date:

From: Scott Ribe
Date: 15 November 2008, 16:12:28
Subject: Re: Database access over the Internet...

From: Adam Seering
Date: 15 November 2008, 17:38:56
Subject: Re: Seek within Large Object, within PL/* function?

Re: Delete cascade trigger runs security definer - Mailing list pgsql-general

Previous

Next