Re: about the RULE system

From: Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com>
To: pgsql general <pgsql-general(at)postgresql(dot)org>
Subject: Re: about the RULE system
Date: 2006-12-13 21:36:55
Message-ID: 1166045816.27564.71.camel@zorro.isa-geek.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Wed, 2006-12-13 at 14:01 -0500, Tom Lane wrote:
> Rafal Pietrak <rafal(at)zorro(dot)isa-geek(dot)com> writes:
> > I thought trigger functions execute at root/postgres security level?
>
> No. You probably want to make that function SECURITY DEFINER so it
> executes as the owner, but this isn't default for triggers.

Hmmm. Have checked it, and it does not look promissing.

Obviously, when I define function with "SECURITY DEFINER" I need to
limit access to that function. But....

"REVOKE ALL ON FUNCTION piti() FROM PUBLIC"

Doe not seam to have any effect on functions installed as a trigger.

I have just checked it, and my 'common user' is able to "INSERT INTO
debi (id,name) VALUES (22, 'jklsdf')" after the above REVOKE.

How do I limit access to such function?

Even worse, my 'common user' was able to CREATE TEMPORARY TABLE, and
install that function on that table, although "PUBLIC.SCHEMA" is
available for USAGE only for those users. I generally accept 'common
user' to have the ability to create temporary tables, but the takeover
trigger function designed to other purposes AND DEFINED with "security
definer" is not really acceptable.

How can I limit that sort of missuse?
--
-R

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Scott Marlowe 2006-12-13 21:43:40 Re: about the RULE system
Previous Message Martijn van Oosterhout 2006-12-13 21:19:50 Re: a question for the way-back machine