On Wed, 2006-12-13 at 14:01 -0500, Tom Lane wrote:
> Rafal Pietrak <rafal@zorro.isa-geek.com> writes:
> > I thought trigger functions execute at root/postgres security level?
>
> No. You probably want to make that function SECURITY DEFINER so it
> executes as the owner, but this isn't default for triggers.

Hmmm. Have checked it, and it does not look promising.

Obviously, when I define a function with "SECURITY DEFINER" I need to
limit access to that function. But....

"REVOKE ALL ON FUNCTION piti() FROM PUBLIC"

Does not seem to have any effect on functions installed as a trigger.

I have just checked it, and my 'common user' is able to "INSERT INTO
debi (id,name) VALUES (22, 'jklsdf')" after the above REVOKE.

How do I limit access to such a function?

Even worse, my 'common user' was able to CREATE TEMPORARY TABLE, and
install that function on that table, although "PUBLIC.SCHEMA" is
available for USAGE only for those users. I generally accept 'common
user' to have the ability to create temporary tables, but the takeover
of a trigger function designed for other purposes AND DEFINED with "security
definer" is not really acceptable.

How can I limit that sort of misuse?

--
-R
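
Added example, not part of the original message and not code from the PostgreSQL project: one way to keep a SECURITY DEFINER trigger function from doing privileged work on any table other than the one it was written for. The names debi and piti() come from the post; the debi_audit table, its columns and the function body are assumptions, and the SET search_path clause needs PostgreSQL 8.3 or later.

```sql
-- Constructed schema: only "debi" and "piti()" are named in the post.
CREATE TABLE public.debi (id integer PRIMARY KEY, name text);
CREATE TABLE public.debi_audit (
    id      integer,
    name    text,
    by_role text,
    at      timestamptz DEFAULT now()
);

CREATE FUNCTION public.piti() RETURNS trigger
LANGUAGE plpgsql
SECURITY DEFINER
-- Pin the search path so objects in a caller's temp schema cannot
-- shadow the tables the function touches; pg_temp is searched last.
SET search_path = pg_catalog, public, pg_temp
AS $$
BEGIN
    -- Firing a trigger does not check the inserting user's EXECUTE
    -- privilege on the function, so the function guards itself:
    -- it refuses to run for any relation other than public.debi.
    -- The comparison is by OID, so a temporary table that happens
    -- to be called "debi" does not match.
    IF TG_RELID <> 'public.debi'::regclass THEN
        RAISE EXCEPTION 'piti() may only fire on public.debi, not on %',
            TG_RELID::regclass;
    END IF;

    -- Privileged work runs as the function owner; record who really
    -- issued the statement with session_user, not current_user.
    INSERT INTO public.debi_audit (id, name, by_role)
    VALUES (NEW.id, NEW.name, session_user);
    RETURN NEW;
END;
$$;

-- Still worth doing: it blocks direct use of the function's EXECUTE
-- privilege. Current PostgreSQL documentation also lists EXECUTE on
-- the trigger function as a requirement for CREATE TRIGGER.
REVOKE ALL ON FUNCTION public.piti() FROM PUBLIC;

CREATE TRIGGER debi_piti
    BEFORE INSERT ON public.debi
    FOR EACH ROW EXECUTE PROCEDURE public.piti();
```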