On 4/21/24 14:21, Tom Lane wrote:
> Adrian Klaver <adrian.kla...@aklaver.com> writes:
>> On 4/21/24 11:20, yudhi s wrote:
>>> So in this case I was wondering if "event trigger" can cause any
>>> additional threat and thus no such privilege like "create
>>> trigger" exists in postgres and so it should be treated cautiously?
>
>> An event trigger runs as a superuser and executes a function that in
>> turn can do many things, you do the math on the threat level.
>
> As a trivial example: an event trigger could prevent the legitimate
> superuser(s) from doing anything at all in that database, just by
> blocking all their commands.  This might not even require malicious
> intent, merely faulty coding --- but the opportunity for malicious
> intent is staggeringly large.

As an FYI to above:

https://www.postgresql.org/docs/current/sql-createeventtrigger.html

"Event triggers are disabled in single-user mode (see postgres). If an erroneous event trigger disables the database so much that you can't even drop the trigger, restart in single-user mode and you'll be able to do that."

>
>                         regards, tom lane

--
Adrian Klaver
adrian.kla...@aklaver.com
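
An added example, not part of the thread: a read-only catalog query a DBA can run in each database to inventory event triggers and the functions they execute, so that every one of them is known and reviewed. The name `example_trigger` is a placeholder, not a value from the thread.

```sql
-- Added example. Run once per database: pg_event_trigger is a
-- per-database catalog, so each database has its own set of event triggers.
SELECT e.evtname                      AS trigger_name,
       e.evtevent                     AS fires_on,        -- e.g. ddl_command_start
       CASE e.evtenabled
            WHEN 'O' THEN 'enabled (origin/local)'
            WHEN 'D' THEN 'disabled'
            WHEN 'R' THEN 'enabled (replica)'
            WHEN 'A' THEN 'enabled (always)'
       END                            AS state,
       e.evttags                      AS command_tag_filter, -- NULL = no tag filter
       pg_get_userbyid(e.evtowner)    AS trigger_owner,
       n.nspname || '.' || p.proname  AS function_name,
       pg_get_userbyid(p.proowner)    AS function_owner,
       l.lanname                      AS function_language,
       p.prosecdef                    AS security_definer
FROM   pg_event_trigger e
JOIN   pg_proc      p ON p.oid = e.evtfoid
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_language  l ON l.oid = p.prolang
ORDER  BY e.evtname;

-- Review the full source of the function behind one trigger
-- (example_trigger is a placeholder name).
SELECT pg_get_functiondef(e.evtfoid)
FROM   pg_event_trigger e
WHERE  e.evtname = 'example_trigger';

-- Recovery path from the documentation quoted above: after restarting in
-- single-user mode, where event triggers are disabled, the faulty trigger
-- can be dropped. Left commented out so this script stays read-only.
-- DROP EVENT TRIGGER example_trigger;
```

Rows with an unexpected owner, an unfamiliar function, or no tag filter on `ddl_command_start` are the ones to review first, since those fire before every DDL command in the database.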


