Quick Links

Re: Strange permission effect depending on DEFERRABILITY

From:	Achilleas Mantzios - cloud <a(dot)mantzios(at)cloud(dot)gatewaynet(dot)com>
To:	Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject:	Re: Strange permission effect depending on DEFERRABILITY
Date:	2024-09-10 09:20:25
Message-ID:	40558bdd-d641-feac-84fe-65b3e87ec085@cloud.gatewaynet.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

On 9/10/24 00:09, Laurenz Albe wrote:
> On Mon, 2024-09-09 at 16:14 +0300, Achilleas Mantzios - cloud wrote:
>> The below runs on PostgreSQL 16.4
>>
>> We are trying to implement a certain operation based on a security definer
>> function : mariner_update_availability_date
>>
>> This is supposed to update a table : mariner , which has several other triggers :
>>
>> [...]
>> zzzmariner_dmq_tg AFTER INSERT OR DELETE OR UPDATE ON mariner DEFERRABLE INITIALLY DEFERRED FOR EACH ROW EXECUTE FUNCTION export_dmq()
>>
>> As you noticed the last trigger is a CONSTRAINT DEFERRABLE trigger.
>> This function mariner_update_availability_date is supposed to be run by a user :
>> cbt_results_import stripped of any privileges to the rest of the system. Here is
>> what we get : when we SET the constraint of the last trigger to IMMEDIATE, the
>> function runs on behalf of its owner (postgres) who has all needed privileges
>> (as superuser) to run the update on mariner table and also run the triggers .
>> However, when we run with this CONSTRAINT as DEFERRED then it seems to NOT run
>> the last deferrable trigger as postgres.
> I have proposed a patch that fixes exactly that case:
> https://commitfest.postgresql.org/49/4888/
>
> So far, the feedback seems to be that it is not considered a bug.
> But that doesn't mean that we cannot change the behavior.

Nice work! However I am not sure. What's a trigger owner btw in the
thread :
https://www.postgresql.org/message-id/flat/77b89e609f21380785865542609fbc14010021c8.camel%40cybertec.at#3d6e4f8fc8872e37f37a75d5e0082e0b
? Do they mean the table owner? is the trigger creator / owner stored
somewhere ? I dont see it in system tables or the schema dump. Or do
they imply the trigger function owner ?

Maybe controlling the queued and later executed trigger invocations
security context via a new special GUC? such as :

trigger_security_ctx = current_user (default) | table/trigger_owner |
execution_triggered_user

(in every case a SECURITY DEFINER function would override the above setting)

just my 2cents

> Yours,
> Laurenz Albe

In response to

Re: Strange permission effect depending on DEFERRABILITY at 2024-09-09 21:09:12 from Laurenz Albe

Responses

Re: Strange permission effect depending on DEFERRABILITY at 2024-09-10 17:22:00 from Laurenz Albe

Browse pgsql-general by date

	From	Date	Subject
Next Message	Shaheed Haque	2024-09-10 12:08:03	Re: Database schema for "custom fields"
Previous Message	Peter J. Holzer	2024-09-10 09:11:21	Re: Database schema for "custom fields"