Re: error in trigger creation

From: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: yudhi s <learnerdatabase99(at)gmail(dot)com>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: error in trigger creation
Date: 2024-04-22 00:47:22
Message-ID: 6f2f938b-b3fb-4dd8-9dbf-e82624b53152@aklaver.com
Lists: pgsql-general

On 4/21/24 14:21, Tom Lane wrote:
> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> writes:
>> On 4/21/24 11:20, yudhi s wrote:
>>> So in this case I was wondering if "event trigger" can cause any
>>> additional threat and thus there is no such privilege like "create
>>> trigger" exist in postgres and so it should be treated cautiously?
>
>> An event trigger runs as a superuser and executes a function that in
>> turn can do many things, you do the math on the threat level.
>
> As a trivial example: an event trigger could prevent the legitimate
> superuser(s) from doing anything at all in that database, just by
> blocking all their commands. This might not even require malicious
> intent, merely faulty coding --- but the opportunity for malicious
> intent is staggeringly large.

As an FYI to above:

https://www.postgresql.org/docs/current/sql-createeventtrigger.html

"Event triggers are disabled in single-user mode (see postgres). If an
erroneous event trigger disables the database so much that you can't
even drop the trigger, restart in single-user mode and you'll be able to
do that."

>
> regards, tom lane

--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
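
An audit query for the risk discussed in this message, added here as an example and not part of the original email: it lists every event trigger in the current database together with the function it fires and the owners of both. It reads only the pg_event_trigger, pg_proc, pg_namespace, pg_language and pg_roles catalogs; the trigger name in the final comment is a placeholder.

```sql
-- Added example: inventory of event triggers in the current database.
-- Event triggers are per-database objects, so run this in each database.
SELECT
    t.evtname                            AS trigger_name,
    t.evtevent                           AS fires_on,      -- e.g. ddl_command_start
    COALESCE(array_to_string(t.evttags, ', '),
             '(all commands)')           AS command_tags,  -- NULL tags = no filter
    CASE t.evtenabled
        WHEN 'O' THEN 'enabled (origin and local)'
        WHEN 'A' THEN 'enabled (always)'
        WHEN 'R' THEN 'enabled (replica only)'
        WHEN 'D' THEN 'disabled'
    END                                  AS state,
    trig_owner.rolname                   AS trigger_owner,
    n.nspname || '.' || p.proname        AS function_name,
    l.lanname                            AS function_language,
    fn_owner.rolname                     AS function_owner,
    fn_owner.rolsuper                    AS function_owner_is_superuser,
    p.prosecdef                          AS security_definer
FROM pg_event_trigger t
JOIN pg_proc      p          ON p.oid = t.evtfoid
JOIN pg_namespace n          ON n.oid = p.pronamespace
JOIN pg_language  l          ON l.oid = p.prolang
JOIN pg_roles     trig_owner ON trig_owner.oid = t.evtowner
JOIN pg_roles     fn_owner   ON fn_owner.oid = p.proowner
ORDER BY t.evtevent, t.evtname;

-- Review points for each row:
--   * command_tags = '(all commands)' on ddl_command_start: a bug in the
--     function can block every DDL command, the failure mode described above.
--   * function_owner_is_superuser = false: the function's owner can redefine
--     its body, so confirm that role is meant to control what the trigger runs.
--
-- To take a faulty trigger out of service (placeholder name); if normal
-- sessions are blocked, do this from single-user mode as the quoted
-- documentation describes:
--   ALTER EVENT TRIGGER faulty_trigger_name DISABLE;
```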
