
Re: [PATCHES] Users/Groups -> Roles

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: [PATCHES] Users/Groups -> Roles
Date: 2005-06-28 19:07:39
Message-ID: 26627.1119985659@sss.pgh.pa.us
Lists: pgsql-hackers, pgsql-patches
Stephen Frost <sfrost(at)snowman(dot)net> writes:
> The code I had for this was:

> if (!pg_class_ownercheck(tuple,GetUserId()) ||
>     !is_role_member(newowner,GetUserId()))

> That needs a check for superuser though because while the test will pass
> on the 'pg_class_ownercheck' side, it won't on the 'is_role_member' side

Um, right, that was another problem I had with it --- at one point the
regression tests were failing because the superuser wasn't allowed to
reassign object ownership ...

I'm still fairly concerned about the security implications of letting
ordinary users reassign object ownership.  The fact that SET ROLE would
let you *create* an object with ownership X is a long way away from
saying that you should be allowed to change an *existing* object to have
ownership X.  This is particularly so if you are a member of a couple of
different roles with different memberships: you will be able to cause
objects to become effectively owned by certain other people, or make
them stop being effectively owned by those people.  I don't have a clear
trouble case in mind at the moment, but this sure sounds like the stuff
of routine security-hole reports.  (Altering the ownership of a SECURITY
DEFINER function, in particular, sounds like a great path for a cracker
to pursue.)

> One place I recall seeing one and not being sure if it should be a new
> *_ownercheck() function or not was in the 2PC patch- twophase.c, line
> 380:

This one I think we can leave...

			regards, tom lane
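
A small C model of the ownership-reassignment test discussed in this message, added here as an illustration; it is not part of the original email or of the PostgreSQL source. The role names, the membership table and every function name are constructed assumptions. It shows the quoted two-part test rejecting a superuser, and how a member of two roles can change who effectively owns an existing object.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed toy catalog: role ids and direct memberships (all hypothetical). */
enum { POSTGRES, ALICE, BOB, CAROL, ROLE_A, ROLE_B, NROLES };
static const bool is_super[NROLES] = { [POSTGRES] = true };
static const bool direct[NROLES][NROLES] = {   /* direct[member][role] */
    [ALICE][ROLE_A] = true,
    [BOB][ROLE_B]   = true,
    [CAROL][ROLE_A] = true, [CAROL][ROLE_B] = true,
};

/* Pure membership test with no superuser shortcut (the membership side). */
static bool is_member(int user, int role, int depth)
{
    if (user == role) return true;
    if (depth > NROLES) return false;      /* guard against membership cycles */
    for (int r = 0; r < NROLES; r++)
        if (direct[user][r] && is_member(r, role, depth + 1)) return true;
    return false;
}

/* Ownership test: passes for superusers and for members of the owning role. */
static bool owner_check(int owner, int user)
{
    return is_super[user] || is_member(user, owner, 0);
}

/* The two-part test as quoted: owner check AND membership in the new owner. */
static bool may_reassign_quoted(int owner, int newowner, int user)
{
    return owner_check(owner, user) && is_member(user, newowner, 0);
}

/* Same test with the superuser check the thread says is needed. */
static bool may_reassign_fixed(int owner, int newowner, int user)
{
    return is_super[user] || may_reassign_quoted(owner, newowner, user);
}

int main(void)
{
    printf("superuser, quoted test: %d\n", may_reassign_quoted(ROLE_A, ROLE_B, POSTGRES));
    printf("superuser, with check:  %d\n", may_reassign_fixed(ROLE_A, ROLE_B, POSTGRES));
    /* carol is in both roles, so she may move an object from ROLE_A to ROLE_B,
       after which alice stops effectively owning it and bob starts. */
    printf("carol may reassign:     %d\n", may_reassign_fixed(ROLE_A, ROLE_B, CAROL));
    printf("alice owns before/after: %d/%d\n", owner_check(ROLE_A, ALICE), owner_check(ROLE_B, ALICE));
    printf("bob owns before/after:   %d/%d\n", owner_check(ROLE_A, BOB), owner_check(ROLE_B, BOB));
    return 0;
}
```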
