Quick Links

Re: Wrong security context for deferred triggers?

From:	Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>
To:	Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: Wrong security context for deferred triggers?
Date:	2023-11-06 17:29:39
Message-ID:	dede297a-3d24-7029-dfd9-06aeef8b9766@enterprisedb.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 11/6/23 14:23, Laurenz Albe wrote:
> ...
>
> This behavior looks buggy to me. What do you think?
> I cannot imagine that it is a security problem, though.
>

How could code getting executed under the wrong role not be a security
issue? Also, does this affect just the role, or are there some other
settings that may unexpectedly change (e.g. search_path)?

regards

--
Tomas Vondra
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

In response to

Wrong security context for deferred triggers? at 2023-11-06 13:23:04 from Laurenz Albe

Responses

Re: Wrong security context for deferred triggers? at 2023-11-06 20:00:43 from Laurenz Albe
Re: Wrong security context for deferred triggers? at 2024-03-06 13:32:06 from Laurenz Albe

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Stephen Frost	2023-11-06 18:02:50	Re: Add the ability to limit the amount of memory that can be allocated to backends.
Previous Message	Isaac Morland	2023-11-06 17:28:52	Re: Wrong security context for deferred triggers?