Re: Security leak with trigger functions?
From | Florian G. Pflug |
---|---|
Subject | Re: Security leak with trigger functions? |
Date | |
Msg-id | 4585B409.6080508@phlo.org |
In reply to | Re: Security leak with trigger functions? (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Security leak with trigger functions? |
List | pgsql-hackers |

Tom Lane wrote:
> Martijn van Oosterhout <kleptog@svana.org> writes:
>> The trigger never runs as the owner of the table AIUI, only ever as the
>> definer of the function or as session user.
>
> Yeah. This might itself be seen as a bug: I think you could make a
> reasonable case that the default behavior ought to be to run as the
> table owner (but still overridable if trigger function is SECURITY
> DEFINER, of course). In the current situation a table owner can use
> a trigger function as a trojan horse against anyone modifying the
> table.

Is this true for on-select rules too? In that case, couldn't any user run
his code as postmaster by creating an appropriate on-select rule and
waiting until somebody/cron backups the database using pg_dump?

Or is pg_dump smart enough to skip dumping tables with on-select rules?

greetings, Florian Pflug
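
An audit query for the situation Tom Lane describes, added here as an example and not part of the original thread: it lists user-defined triggers whose function is not SECURITY DEFINER, and therefore runs with the privileges of whoever modifies the table, on tables owned by non-superuser roles. It assumes a current PostgreSQL catalog layout (`pg_trigger.tgisinternal`, `pg_proc.prosecdef`, `pg_roles.rolsuper`), which postdates this message.

```sql
-- Added example (not from the thread). Run as a role that can read the
-- system catalogs, in each database you want to review.
-- Assumption: catalog columns as in current PostgreSQL releases.
SELECT c.oid::regclass      AS table_name,
       tbl_owner.rolname    AS table_owner,
       t.tgname             AS trigger_name,
       p.oid::regprocedure  AS trigger_function,
       fn_owner.rolname     AS function_owner
FROM pg_trigger t
JOIN pg_class c          ON c.oid = t.tgrelid
JOIN pg_proc  p          ON p.oid = t.tgfoid
JOIN pg_roles tbl_owner  ON tbl_owner.oid = c.relowner
JOIN pg_roles fn_owner   ON fn_owner.oid  = p.proowner
WHERE NOT t.tgisinternal      -- skip constraint/FK triggers created by the system
  AND NOT p.prosecdef         -- function executes as the calling (session) user
  AND NOT tbl_owner.rolsuper  -- table is controlled by an unprivileged role
ORDER BY table_name, trigger_name;
```

Each row is a trigger that a privileged session would execute under its own identity when it modifies that table, so the function bodies behind these rows are the ones to review before a superuser writes to such tables.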