| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | josh(at)agliodbs(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Subject: | Re: Security leak with trigger functions? |
| Date: | 2006-12-14 21:20:58 |
| Message-ID: | 25178.1166131258@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus <josh(at)agliodbs(dot)com> writes:
>> ... we'd need to check the EXECUTE
>> privilege of the owner of the trigger. The trick is figuring out who
>> the owner is. If it's the owner of the table, then TRIGGER privilege
>> is effectively total control over the owner of the table.
> If that's the case, then a separate TRIGGER priveledge would seem to be
> superfluous.
Yeah, you could make a good case for removing TRIGGER privilege and
making it be an ownership check, as we just did for RULE privilege.
> One thing to think about, though; our model allows granting ALTER
> privelidge on a table to roles other than the table owner.
Huh? ALTER requires ownership.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-12-14 21:51:41 | Re: unixware and --with-ldap |
| Previous Message | Josh Berkus | 2006-12-14 20:12:23 | Re: Security leak with trigger functions? |