Re: On login trigger: take three
Pavel Stehule <pavel.stehule@gmail.com>
From: Pavel Stehule <pavel.stehule@gmail.com>
To: Konstantin Knizhnik <k.knizhnik@postgrespro.ru>
Cc: Greg Nancarrow <gregn4422@gmail.com>,
PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2020-12-11T16:27:27Z
Lists: pgsql-hackers
pá 11. 12. 2020 v 17:05 odesílatel Konstantin Knizhnik < k.knizhnik@postgrespro.ru> napsal: > > > On 11.12.2020 18:40, Pavel Stehule wrote: > > > is not correct. It makes it not possible to superuser to disable triggers >> for all users. >> > > pg_database_ownercheck returns true for superuser always. > > > Sorry, but I consider different case: when normal user is connected to the > database. > In this case pg_database_ownercheck returns false and trigger is not > disabled, isn't it? > My idea was to reduce necessary rights to database owners. But you have a true, so only superuser can create event trigger, so this feature cannot be used in DBaaS environments, and then my original idea was wrong. > > Also GUCs are not associated with any database. So I do not understand >> why this check of database ownership is relevant at all? >> >> What kind of protection violation we want to prevent? >> >> It seems to be obvious that normal user should not be able to prevent >> trigger execution because this triggers may be used to enforce some >> security policies. >> If trigger was created by user itself, then it can drop or disable it >> using ALTER statement. GUC is not needed for it. >> > > when you cannot connect to the database, then you cannot do ALTER. In > DBaaS environments lot of users has not superuser rights. > > > > But only superusers can set login triggers, right? > So only superuser can make a mistake in this trigger. But he have enough > rights to recover this error. Normal users are not able to define on > connection triggers and > should not have rights to disable them. > yes, it is true Pavel > -- > Konstantin Knizhnik > Postgres Professional: http://www.postgrespro.com > The Russian Postgres Company > >
Commits
-
Fix some typos in event trigger docs
- 5fce30e77fe1 17.0 landed
-
Use heap_inplace_update() to unset pg_database.dathasloginevt
- 8be93177c46b 17.0 landed
-
Remove the flaky check in event_trigger_login regression test
- 4b885d01f967 17.0 landed
-
Fix instable 006_login_trigger.pl test
- 06be01eb266b 17.0 landed
-
Add support event triggers on authenticated login
- e83d1b0c40cc 17.0 landed
-
Add GUC for temporarily disabling event triggers
- 7750fefdb2b8 17.0 landed
-
Fix typo in reference to __FreeBSD__.
- e52f8b301ed5 16.0 cited
-
Restore robustness of TAP tests that wait for postmaster restart.
- f452aaf7d4a9 14.0 cited
-
Restore the portal-level snapshot after procedure COMMIT/ROLLBACK.
- 84f5c2908dad 14.0 cited