Re: AW: AW: [PATCH] Re: Setuid functions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at>
Cc: Mark Volpe <volpe(dot)mark(at)epa(dot)gov>, "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: AW: AW: [PATCH] Re: Setuid functions
Date: 2001-06-25 14:47:00
Message-ID: 15660.993480420@sss.pgh.pa.us
Lists: pgsql-hackers

Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> writes:
> I am not sure whether the feature does not actually present a security
> hole? Two collaborating users can pass each other their privileges.

I don't see any (new) security risk here. Code written by one user can
be executed with the privileges of another --- so what? That's the
situation now, with non-setuid functions.

> And why not use the existing "set session authorization ..." syntax?

That syntax implies setting authorization permanently (for the rest of
the session). If we take over that syntax to mean local privilege
change inside a function, then it'd be impossible to let a function do a
global change in the future. Not sure if we ever want that, but I don't
think we should foreclose the possibility by using the same syntax to
mean two different things.

regards, tom lane
