| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: CREATE CONSTRAINT TRIGGER appears to be a security hole |
| Date: | 2002-08-14 17:34:51 |
| Message-ID: | 9671.1029346491@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> While the REFERENCES privilege controls who can create foreign keys
> referring to one's tables, it seems you can evade it by using CREATE
> CONSTRAINT TRIGGER directly.
Good point.
> It seems we need to check the privilege on the table mentioned in the FROM
> "foo" clause as well. Is that correct and sufficient?
It is if we assume that every CREATE CONSTRAINT TRIGGER is used for
something that should require REFERENCES privilege. Given that the
command is not really intended for user use anyway, this is probably
okay to assume.
One might try to evade the check by mentioning something different in
FROM than is mentioned in the trigger arguments, but as of CVS tip
that doesn't work --- the RI triggers don't look at the relation-name
arguments anymore, only at the FROM link.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-08-14 17:35:25 | Re: Open 7.3 items |
| Previous Message | Bruce Momjian | 2002-08-14 17:19:57 | Re: Open 7.3 items |