Re: BUG #18936: Trigger enable users to modify the tables which he doesn't have privilege - Mailing list pgsql-bugs

From Laurenz Albe
Subject Re: BUG #18936: Trigger enable users to modify the tables which he doesn't have privilege
Date
Msg-id c842110a59d8c273c2edecc3510e2c3a4bca3d3c.camel@cybertec.at
In response to BUG #18936: Trigger enable users to modify the tables which he doesn't have privilege  (PG Bug reporting form <noreply@postgresql.org>)
List pgsql-bugs
On Tue, 2025-05-20 at 13:07 +0000, PG Bug reporting form wrote:
> If an attacker gains privileges on a table, they can exploit triggers to
> modify or exfiltrate data from other tables, provided the trigger can be
> activated by either a superuser or a user with privileges on the target
> tables.

That's working as designed.
If a superuser performs a data modification on a table owned by an
untrustworthy user, it is "game over".
That is one of the reasons why you should use a superuser only for tasks
that require superuser privileges.

Yours,
Laurenz Albe


