| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Wrong security context for deferred triggers? |
| Date: | 2023-11-06 20:00:43 |
| Message-ID: | 05225cbe3f8b60dcce8b8eca61d06f0953762d41.camel@cybertec.at |
| Lists: | pgsql-hackers |

On Mon, 2023-11-06 at 18:29 +0100, Tomas Vondra wrote:
> On 11/6/23 14:23, Laurenz Albe wrote:
> > This behavior looks buggy to me. What do you think?
> > I cannot imagine that it is a security problem, though.
>
> How could code getting executed under the wrong role not be a security
> issue? Also, does this affect just the role, or are there some other
> settings that may unexpectedly change (e.g. search_path)?

Perhaps it is a security issue, and I am just lacking imagination.

Yes, changes to "search_path" should also have an effect.

Yours,
Laurenz Albe