Re: Security leak with trigger functions?

Albe Laurenz wrote:
> Looking at pg_trigger I have the impression that there is no such thing
> as an 'owner of a trigger', and consequently the owner of the trigger
> would automatically be the table owner.
>
> I understand the reservations about the TRIGGER privilege, but I think
> that it is obvious anyway that anybody who can add a trigger can
> basically do everything with the table.
>
>   

Isn't the problem that they can do more than just things with the table? 
If the trigger runs as the owner of the table it can do *anything* the 
owner can do. So if we allow the alter privilege to include ability to 
place a trigger then that privilege includes everything the owner can do 
(including granting/revoking other privileges). Surely that is not what 
was intended. Arguably we should invent a concept of an explicit trigger 
owner.

cheers

andrew