Re: error in trigger creation
| От | Adrian Klaver |
|---|---|
| Тема | Re: error in trigger creation |
| Дата | |
| Msg-id | 6f2f938b-b3fb-4dd8-9dbf-e82624b53152@aklaver.com обсуждение исходный текст |
| Ответ на | Re: error in trigger creation (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-general |
On 4/21/24 14:21, Tom Lane wrote: > Adrian Klaver <adrian.klaver@aklaver.com> writes: >> On 4/21/24 11:20, yudhi s wrote: >>> So in this case i was wondering if "event trigger" can cause any >>> additional threat and thus there is no such privilege like "create >>> trigger" exist in postgres and so it should be treated cautiously? > >> An event trigger runs as a superuser and executes a function that in >> turn can do many things, you do the math on the threat level. > > As a trivial example: an event trigger could prevent the legitimate > superuser(s) from doing anything at all in that database, just by > blocking all their commands. This might not even require malicious > intent, merely faulty coding --- but the opportunity for malicious > intent is staggeringly large. As an FYI to above: https://www.postgresql.org/docs/current/sql-createeventtrigger.html "Event triggers are disabled in single-user mode (see postgres). If an erroneous event trigger disables the database so much that you can't even drop the trigger, restart in single-user mode and you'll be able to do that." > > regards, tom lane -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: