| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dean Rasheed <dean_rasheed(at)hotmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Delete cascade trigger runs security definer |
| Date: | 2008-11-15 17:12:25 |
| Message-ID: | 7474.1226769145@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Dean Rasheed <dean_rasheed(at)hotmail(dot)com> writes:
>> Referential integrity actions execute as the owner of the table, so
>> anything triggered by them would execute as the owner too.
> Hmm, that opens up a very nasty gotcha, as shown by the script
> below. What user1 does looks, at first sight, fairly innocuous.
Well, granting TRIGGER on one of your tables is never innocuous.
That gives the recipient the ability to arbitrarily interfere with
your use of the table, even without exploiting the fact that the
trigger runs as you when you operate on the table.
Possibly we ought to document the security risks a bit better.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adam Seering | 2008-11-15 18:38:47 | Re: Seek within Large Object, within PL/* function? |
| Previous Message | Scott Ribe | 2008-11-15 17:12:17 | Re: Database access over the Internet... |