Re: [HACKERS] [PATCH] Re: Setuid functions

From: Mark Volpe <volpe(dot)mark(at)epa(dot)gov>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: [HACKERS] [PATCH] Re: Setuid functions
Date: 2001-07-12 18:41:01
Message-ID: 3B4DEF3D.AF19D7D1@epa.gov
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches

Might as well just get rid of that one; Peter's right about the security hole.

The simplest fix I see is to allow SET AUTHORIZATION only in superuser-owned
functions. It would still be potentially useful that way. Doing this the
"right" way (with users needing regrantable privileges, etc.) would involve
too much effort for too little reward, IMHO.

Mark

Bruce Momjian wrote:
>
> I am backing out this SET AUTHORIZATION patch until we can resolve the
> security issues. It will remain in the patch queue at:
>
> http://candle.pha.pa.us/cgi-bin/pgpatches
>

In response to

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2001-07-12 18:42:31 Re: [HACKERS] [PATCH] Re: Setuid functions
Previous Message Bruce Momjian 2001-07-12 18:26:53 Re: python installation patch.