| From: | Isaac Morland <isaac(dot)morland(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Steve Chavez <steve(at)supabase(dot)io>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Allow database owners to CREATE EVENT TRIGGER |
| Date: | 2025-03-05 16:17:06 |
| Message-ID: | CAMsGm5fKnupSyBmmoH6T1qV3VCEABo_za5eW2fr6fi6vLTV4xw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, 5 Mar 2025 at 10:28, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> I wrote:
> > Or in other words: not-superuser to superuser is far from the only
> > type of privilege escalation that we need to prevent.
>
> After reflecting on that for a moment: maybe say that an event trigger
> fires for queries that are run by a role that the trigger's owning
> role is a member of? That changes nothing for superuser-owned
> triggers.
>
Can somebody remind me why triggers don't run as their owner in the first
place?
It would make triggers way more useful, and eliminate the whole issue of
trigger owners escalating to whomever tries to access the object on which
the trigger is defined.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2025-03-05 16:19:46 | Re: Should we add debug_parallel_query=regress to CI? |
| Previous Message | Jacob Champion | 2025-03-05 16:16:45 | Re: [PATCH] pg_stat_activity: make slow/hanging authentication more visible |