Re: Security leak with trigger functions? - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Security leak with trigger functions?
Date
Msg-id 25178.1166131258@sss.pgh.pa.us
In response to Re: Security leak with trigger functions?  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers
Josh Berkus <josh@agliodbs.com> writes:
>> ... we'd need to check the EXECUTE
>> privilege of the owner of the trigger.  The trick is figuring out who
>> the owner is.  If it's the owner of the table, then TRIGGER privilege
>> is effectively total control over the owner of the table.

> If that's the case, then a separate TRIGGER privilege would seem to be
> superfluous.

Yeah, you could make a good case for removing TRIGGER privilege and
making it be an ownership check, as we just did for RULE privilege.

> One thing to think about, though; our model allows granting ALTER
> privilege on a table to roles other than the table owner.

Huh?  ALTER requires ownership.
        regards, tom lane

