Re: BUG #18936: Trigger enable users to modify the tables which hedoesn't have privilege
ZhangChi <798604270@qq.com>
From: ZhangChi <798604270@qq.com>
To: Laurenz Albe <laurenz.albe@cybertec.at>, pgsql-bugs <pgsql-bugs@lists.postgresql.org>
Date: 2025-05-24T03:06:24Z
Lists: pgsql-bugs
Thanks for your reply! However, it is common in some database servers for an attacker to gain minimal privileges on a single table within a target database. For instance, when registering an account on a service, the system might grant the user access to a dedicated table. Using the TRIGGER mechanism as I showed, such an attacker could then delete or exfiltrate data from other tables beyond their authorized access. Notably, this attack doesn't require superuser privileges - only access to the two relevant tables. Permitting users to create triggers that can affect tables beyond their privilege scope appears to be a problematic design choice. Such triggers may be inadvertently executed by privileged users without their knowledge, creating potential security vulnerabilities.