| From: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
|---|---|
| To: | "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Mark Volpe <volpe(dot)mark(at)epa(dot)gov> |
| Cc: | "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | AW: AW: [PATCH] Re: Setuid functions |
| Date: | 2001-06-25 14:18:25 |
| Message-ID: | 11C1E6749A55D411A9670001FA687963368348@sdexcsrv1.f000.d0188.sd.spardat.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> > Anybody else want to object to this abbreviation idea ?
>
> I thought we already agreed to change the names per Peter's suggestion.
>
> I didn't like the original names whether abbreviated or not ...
Good. I have not seen that agreement, maybe it was implied.
I am not sure whether the feature does not actually present a security
hole ? Two collaborating users can pass each other their privileges.
I think we might need to guard that feature with a special privilege that
the function creator needs during creation( e.g. dba).
And why not use the existing "set session authorization ..." syntax?
Because it would remain after function exit? Because it needs dba to execute ?
Don't misunderstand, I like the feature, but this probably has to be considered.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-06-25 14:47:00 | Re: AW: AW: [PATCH] Re: Setuid functions |
| Previous Message | Jan Wieck | 2001-06-25 13:51:35 | RH announcement is there |