Skip site navigation (1) Skip section navigation (2)

AW: AW: [PATCH] Re: Setuid functions

From: Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at>
To: "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Volpe <volpe(dot)mark(at)epa(dot)gov>
Cc: "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: AW: AW: [PATCH] Re: Setuid functions
Date: 2001-06-25 14:18:25
Message-ID: 11C1E6749A55D411A9670001FA687963368348@sdexcsrv1.f000.d0188.sd.spardat.at (view raw or flat)
Thread:
Lists: pgsql-hackers
> > Anybody else want to object to this abbreviation idea ?
> 
> I thought we already agreed to change the names per Peter's suggestion.
> 
> I didn't like the original names whether abbreviated or not ...

Good. I have not seen that agreement, maybe it was implied.
I am not sure whether the feature does not actually present a security 
hole ? Two collaborating users can pass each other their privileges.
I think we might need to guard that feature with a special privilege that 
the function creator needs during creation( e.g. dba).

And why not use the existing "set session authorization ..." syntax?
Because it would remain after function exit? Because it needs dba to execute ? 

Don't misunderstand, I like the feature, but this probably has to be considered.

Andreas

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2001-06-25 14:47:00
Subject: Re: AW: AW: [PATCH] Re: Setuid functions
Previous:From: Jan WieckDate: 2001-06-25 13:51:35
Subject: RH announcement is there

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group