NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit891e6e7

committed

Require execute permission on the trigger function for CREATE TRIGGER.

This check was overlooked when we added function execute permissions to thesystem years ago. For an ordinary trigger function it's not a big deal,since trigger functions execute with the permissions of the table owner,so they couldn't do anything the user issuing the CREATE TRIGGER couldn'thave done anyway. However, if a trigger function is SECURITY DEFINER,that is not the case. The lack of checking would allow another user toinstall it on his own table and then invoke it with, essentially, forgedinput data; which the trigger function is unlikely to realize, so it mightdo something undesirable, for instance insert false entries in an audit logtable.Reported by Dinesh Kumar, patch by Robert HaasSecurity:CVE-2012-0866

1 parent74e2916 commit891e6e7Copy full SHA for 891e6e7

File tree

2 files changed

+11

-3

lines changed

doc/src/sgml/ref
- create_trigger.sgml
src/backend/commands
- trigger.c

2 files changed

+11

-3

lines changed

`‎doc/src/sgml/ref/create_trigger.sgml`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -362,7 +362,8 @@ UPDATE OF <replaceable>column_name1</replaceable> [, <replaceable>column_name2</`
`362`	`362`
`363`	`363`	`<para>`
`364`	`364`	`To create a trigger on a table, the user must have the`
`365`		`- <literal>TRIGGER</literal> privilege on the table.`
	`365`	`+ <literal>TRIGGER</literal> privilege on the table. The user must`
	`366`	`+ also have <literal>EXECUTE</literal> privilege on the trigger function.`
`366`	`367`	`</para>`
`367`	`368`
`368`	`369`	`<para>`

`‎src/backend/commands/trigger.c`

Lines changed: 9 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -108,8 +108,8 @@ static void AfterTriggerSaveEvent(EState estate, ResultRelInfo relinfo,`
`108`	`108`	`* if TRUE causes us to modify the given trigger name to ensure uniqueness.`
`109`	`109`	`*`
`110`	`110`	`* When isInternal is not true we require ACL_TRIGGER permissions on the`
`111`		`- * relation. For internal triggersthecaller must apply any required`
`112`		`- * permission checks.`
	`111`	`+ * relation, as well as ACL_EXECUTE onthetrigger function. For internal`
	`112`	`+ *triggers the caller must apply any requiredpermission checks.`
`113`	`113`	`*`
`114`	`114`	`* Note: can return InvalidOid if we decided to not create a trigger at all,`
`115`	`115`	`* but a foreign-key constraint. This is a kluge for backwards compatibility.`
`@@ -377,6 +377,13 @@ CreateTrigger(CreateTrigStmt stmt, const char queryString,`
`377`	`377`	`* Find and validate the trigger function.`
`378`	`378`	`*/`
`379`	`379`	`funcoid=LookupFuncName(stmt->funcname,0,fargtypes, false);`
	`380`	`+if (!isInternal)`
	`381`	`+{`
	`382`	`+aclresult=pg_proc_aclcheck(funcoid,GetUserId(),ACL_EXECUTE);`
	`383`	`+if (aclresult!=ACLCHECK_OK)`
	`384`	`+aclcheck_error(aclresult,ACL_KIND_PROC,`
	`385`	`+NameListToString(stmt->funcname));`
	`386`	`+}`
`380`	`387`	`funcrettype=get_func_rettype(funcoid);`
`381`	`388`	`if (funcrettype!=TRIGGEROID)`
`382`	`389`	`{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit891e6e7

File tree

2 files changed

2 files changed

`‎doc/src/sgml/ref/create_trigger.sgml`

`‎src/backend/commands/trigger.c`

0 commit comments