On 4/21/24 14:21, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 4/21/24 11:20, yudhi s wrote:
>>> So in this case I was wondering if "event trigger" can cause any
>>> additional threat and thus there is no such privilege like "create
>>> trigger" exist in postgres and so it should be treated cautiously?
>
>> An event trigger runs as a superuser and executes a function that in
>> turn can do many things, you do the math on the threat level.
>
> As a trivial example: an event trigger could prevent the legitimate
> superuser(s) from doing anything at all in that database, just by
> blocking all their commands. This might not even require malicious
> intent, merely faulty coding --- but the opportunity for malicious
> intent is staggeringly large.

As an FYI to above:

https://www.postgresql.org/docs/current/sql-createeventtrigger.html

"Event triggers are disabled in single-user mode (see postgres). If an
erroneous event trigger disables the database so much that you can't
even drop the trigger, restart in single-user mode and you'll be able to
do that."

>
> regards, tom lane
--
Adrian Klaver
adrian.klaver@aklaver.com
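
An audit query for the risk discussed in this thread, added here as an example and not part of the original messages: it lists every event trigger in the current database with its state, owner and handler function, so each one can be reviewed. The trigger name `example_trigger_name`, the data directory and the database name in the commented recovery steps are placeholders.

```sql
-- Inventory of event triggers in the current database (run once per database;
-- event triggers are per-database objects).
SELECT t.evtname                        AS trigger_name,
       t.evtevent                       AS fires_on,
       -- NULL evttags means the trigger is not filtered by command tag
       COALESCE(array_to_string(t.evttags, ', '), '(no tag filter)') AS command_tags,
       CASE t.evtenabled
            WHEN 'O' THEN 'enabled (origin/local)'
            WHEN 'D' THEN 'disabled'
            WHEN 'R' THEN 'enabled (replica)'
            WHEN 'A' THEN 'enabled (always)'
       END                              AS state,
       pg_get_userbyid(t.evtowner)      AS trigger_owner,
       t.evtfoid::regprocedure          AS handler_function,
       pg_get_userbyid(p.proowner)      AS function_owner,
       p.prosecdef                      AS security_definer,
       l.lanname                        AS handler_language
FROM pg_event_trigger AS t
JOIN pg_proc          AS p ON p.oid = t.evtfoid
JOIN pg_language      AS l ON l.oid = p.prolang
ORDER BY t.evtname;

-- Read the body of every handler, since that code runs on each matching command.
SELECT t.evtname, pg_get_functiondef(t.evtfoid) AS handler_source
FROM pg_event_trigger AS t
ORDER BY t.evtname;

-- Recovery, following the documentation quoted above, when a faulty trigger
-- blocks even DROP EVENT TRIGGER:
--   1. Stop the server.
--   2. Start a single-user backend (placeholders in angle brackets):
--        postgres --single -D <data_directory> <database_name>
--   3. Event triggers do not fire there, so either of these succeeds:
-- ALTER EVENT TRIGGER example_trigger_name DISABLE;
-- DROP EVENT TRIGGER IF EXISTS example_trigger_name;
--   4. Exit the backend (Ctrl-D) and start the server normally.
```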