Dean Rasheed <dean_rasheed@hotmail.com> writes:
>> Referential integrity actions execute as the owner of the table, so
>> anything triggered by them would execute as the owner too.
> Hmm, that opens up a very nasty gotcha, as shown by the script
> below. What user1 does looks, at first sight, fairly innocuous.
Well, granting TRIGGER on one of your tables is never innocuous.
That gives the recipient the ability to arbitrarily interfere with
your use of the table, even without exploiting the fact that the
trigger runs as you when you operate on the table.
Possibly we ought to document the security risks a bit better.
regards, tom lane