Skip site navigation (1) Skip section navigation (2)

AW: AW: AW: [PATCH] Re: Setuid functions

From: Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at>
To: "'Tom Lane'" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Mark Volpe <volpe(dot)mark(at)epa(dot)gov>, "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: AW: AW: AW: [PATCH] Re: Setuid functions
Date: 2001-06-25 15:00:37
Message-ID: 11C1E6749A55D411A9670001FA687963368349@sdexcsrv1.f000.d0188.sd.spardat.at (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
> > I am not sure whether the feature does not actually present a security 
> > hole ? Two collaborating users can pass each other their privileges.
> 
> I don't see any (new) security risk here.  Code written by one user can
> be executed with the privileges of another --- so what?  That's the
> situation now, with non-setuid functions.

Hmm? A non-setuid function can execute code written by another user,
but is only allowed to do things the "invoker" has privileges for.
Thus it is a convenience, but does not allow the invoker to do anything
he could not type himself.
Not so with setuid functions, that is exactly why they are handy.
Without making the "definer" need an additional grant for creating such 
a function, it would be like giving him all the privs he has 
"with grant option".

> 
> > And why not use the existing "set session authorization ..." syntax?
> 
> That syntax implies setting authorization permanently (for the rest of
> the session).  If we take over that syntax to mean local privilege
> change inside a function, then it'd be impossible to let a function do a
> global change in the future.  Not sure if we ever want that, but I don't
> think we should foreclose the possibility by using the same syntax to
> mean two different things.

Yes, I was not sure about the intended standards scope of a "set session auth..." 
when called inside a function.

Andreas

Responses

pgsql-hackers by date

Next:From: Joe ConwayDate: 2001-06-25 15:17:24
Subject: Fw: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards
Previous:From: Tom LaneDate: 2001-06-25 14:47:00
Subject: Re: AW: AW: [PATCH] Re: Setuid functions

pgsql-patches by date

Next:From: Tom LaneDate: 2001-06-25 15:25:11
Subject: Re: AW: AW: AW: [PATCH] Re: Setuid functions
Previous:From: Bruce MomjianDate: 2001-06-25 14:59:11
Subject: Re: RE: [ADMIN] High memory usage [PATCH]

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group