KaiGai Kohei wrote:
I wonder why the vanilla PostgreSQL does not put pg_proc_aclcheck() on the ExecCallTriggerFunc().
I don't think we can assume any trigger functions are "trusted", because normal users with ACL_TRIGGER privilege can set their procedures on the allowed tables. It also means someone without ACL_EXECUTE can invoke the functions, but I cannot believe ACL_TRIGGER implicitly contains such a meaning.

Indeed, I put a hook to check db_procedure:{execute} permission in SELinux, but putting pg_proc_aclcheck() here is meaningful not only for SE-PostgreSQL users.

I found another matter related to triggers. I'll report it in another message.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
*** src/backend/commands/trigger.c (revision 1704) --- src/backend/commands/trigger.c (working copy) *************** *** 1560,1566 **** --- 1560,1576 ---- * call. */ if (finfo->fn_oid == InvalidOid) + { + AclResult aclresult; + + aclresult = pg_proc_aclcheck(trigdata->tg_trigger->tgfoid, + GetUserId(), ACL_EXECUTE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_PROC, + get_func_name(trigdata->tg_trigger->tgfoid)); + fmgr_info(trigdata->tg_trigger->tgfoid, finfo); + } Assert(finfo->fn_oid == trigdata->tg_trigger->tgfoid);
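Review bot: The new pg_proc_aclcheck() call sits inside the "if (finfo->fn_oid == InvalidOid)" branch, next to fmgr_info(), so it runs only when finfo is first filled in. If that finfo is reused for later firings of the same trigger, a call made after the current user has changed skips the check entirely. Either move the check out of the branch so it runs on every call, or add a comment explaining why checking once per lookup is enough. Separately, the check uses GetUserId(), which tests the user whose statement fires the trigger, while the concern in the message is about the user who attached the function with ACL_TRIGGER. Please state in a comment which of the two is intended, since with this placement a statement on the table can fail with a permission error on a function the invoking user never named. A short comment above the added block saying why ACL_EXECUTE is checked here would also help.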