]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 94e2495) | patch
Require execute permission on the trigger function for CREATE TRIGGER.
authorTom Lane <tgl@sss.pgh.pa.us>
Thu, 23 Feb 2012 20:39:14 +0000 (15:39 -0500)
committerTom Lane <tgl@sss.pgh.pa.us>
Thu, 23 Feb 2012 20:39:14 +0000 (15:39 -0500)
commit993b3e50845134e863968bcdaf148ff3e576c74a
treea6b683fe14edab65211e1dd5ec6d84eb457ff913tree | snapshot
parent94e2495ded9771e439326d07f6f2d590438b005bcommit | diff
Require execute permission on the trigger function for CREATE TRIGGER.

This check was overlooked when we added function execute permissions to the
system years ago.  For an ordinary trigger function it's not a big deal,
since trigger functions execute with the permissions of the table owner,
so they couldn't do anything the user issuing the CREATE TRIGGER couldn't
have done anyway.  However, if a trigger function is SECURITY DEFINER,
that is not the case.  The lack of checking would allow another user to
install it on his own table and then invoke it with, essentially, forged
input data; which the trigger function is unlikely to realize, so it might
do something undesirable, for instance insert false entries in an audit log
table.

Reported by Dinesh Kumar, patch by Robert Haas

Security: CVE-2012-0866
doc/src/sgml/ref/create_trigger.sgml diff | blob | history
src/backend/commands/trigger.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.