Re: Security leak with trigger functions?

From Florian G. Pflug
Subject Re: Security leak with trigger functions?
Msg-id 4585B409.6080508@phlo.org
In response to Re: Security leak with trigger functions?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Security leak with trigger functions?  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
Tom Lane wrote:
> Martijn van Oosterhout <kleptog@svana.org> writes:
>> The trigger never runs as the owner of the table AIUI, only ever as the
>> definer of the function or as session user.
> 
> Yeah.  This might itself be seen as a bug: I think you could make a
> reasonable case that the default behavior ought to be to run as the
> table owner (but still overridable if trigger function is SECURITY
> DEFINER, of course).  In the current situation a table owner can use
> a trigger function as a trojan horse against anyone modifying the
> table.

Is this true for on-select rules too? In that case, couldn't any
user run his code as postmaster by creating an appropriate on-select
rule and waiting until somebody/cron backs up the database using pg_dump?

Or is pg_dump smart enough to skip dumping tables with on-select rules?

greetings, Florian Pflug


