Re: Wrong security context for deferred triggers?
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Pavel Stehule <pavel.stehule@gmail.com>
Cc: Tomas Vondra <tomas.vondra@enterprisedb.com>, pgsql-hackers@lists.postgresql.org
Date: 2024-10-18T08:20:01Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Doc: improve description of which role runs a trigger.
- c37be39a74b2 18.0 landed
-
Change role names used in trigger test.
- 4b05ebf0957b 18.0 landed
-
Ensure that AFTER triggers run as the instigating user.
- 01463e1cccd3 18.0 landed
-
Reverse the search order in afterTriggerAddEvent().
- 7921927bbb9d 18.0 landed
On Fri, 2024-10-18 at 07:47 +0200, Pavel Stehule wrote: > Without deeper checks I don't like using GetUserNameFromId for checking the validity of a role. > > Maybe it is better to use own read of syscache or wrap SetUserIdAndSecContext to do this check. I agree; it was just the simplest way I could make it happen. It is ugly to allocate and return the user name, since we don't really need it. I could write a dedicated function to check the existence of a user. > The comment > > + /* > + * The role could have been dropped since the trigger was queued. > + * In that case, give up and error out. > + */ > > doesn't explain well why the role can be dropped and why dependency doesn't protect against it. The trigger queue exists only in memory, and PostgreSQL tracks dependencies only between persisted objects. Do you think that I should add a sentence like that to the comment? Yours, Laurenz Albe