On Wed, Feb 3, 2010 at 11:28, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Tim Bunce <Tim(dot)Bunce(at)pobox(dot)com> writes:
>> I do see a need for a GRANT check and I'm adding one now (based on
>> the code in CreateFunction() in functioncmds.c - thanks to RhodiumToad
>> on IRC for the pointer).
> What exactly are you proposing to check, and where, and what do you
> think that will fix?
Non plperl GRANTed people could modify the global $_SHARED variable.
Currently anyone that can make a plperl function can do anything they
want with $_SHARED. So In my mind disallowing them to set
plperl.plperl_safe_init would make the permission model of $_SHARED
consistent. No? Now im not saying its a good permission model...
In response to
pgsql-hackers by date
|Next:||From: Tom Lane||Date: 2010-02-03 18:44:02|
|Subject: Re: Recent vendor SSL renegotiation patches break PostgreSQL |
|Previous:||From: Rod Taylor||Date: 2010-02-03 18:37:28|
|Subject: Re: PG 9.0 and standard_conforming_strings|