Re: Wrong security context for deferred triggers?

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: Wrong security context for deferred triggers?
Date: 2023-11-06 20:00:43
Message-ID: 05225cbe3f8b60dcce8b8eca61d06f0953762d41.camel@cybertec.at
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Mon, 2023-11-06 at 18:29 +0100, Tomas Vondra wrote:
> On 11/6/23 14:23, Laurenz Albe wrote:
> > This behavior looks buggy to me. What do you think?
> > I cannot imagine that it is a security problem, though.
>
> How could code getting executed under the wrong role not be a security
> issue? Also, does this affect just the role, or are there some other
> settings that may unexpectedly change (e.g. search_path)?

Perhaps it is a security issue, and I am just lacking imagination.

Yes, changes to "search_path" should also have an effect.

Yours,
Laurenz Albe

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Isaac Morland 2023-11-06 20:31:58 Re: Fix search_path for all maintenance commands
Previous Message Nazir Bilal Yavuz 2023-11-06 19:28:14 Re: Adding facility for injection points (or probe points?) for more advanced tests