| From: | Markus Schaber <schabi(at)logix-tt(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: minor feature request: Secure defaults during |
| Date: | 2006-09-20 09:59:52 |
| Message-ID: | 45111118.5090305@logix-tt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi, Martijn,
Martijn van Oosterhout wrote:
> Someone writing SECURITY DEFINER in their function definition has to be
> understood to know what they're doing. After all, "chmod +s" doesn't
> reset global execute permissions either, because that would be far too
> confusing. The same applies here IMHO. The whole point is to be
> executed by other users.
But I have the possibility to "chmod a-x" before "chmod +s" the file.
Maybe we should add "[NOT] PUBLICLY EXCUTABLE"[1] keywords to CREATE
FUNCTION, with the default being the current behaviour for now (possibly
configurable). Add an appropriate note in the docs for CREATE FUNCTION,
so users are informed about the security implications.
[1] alternative spelling proposals: "[NOT] PUBLIC" or "PUBLIC | PRIVATE"
Thinking about it, "CREATE [OR REPLACE] [PUBLIC|PRIVATE] FUNCTION ..."
seems the "most sexy" variant in my eyes.
HTH,
Markus
--
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf. | Software Development GIS
Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Kelly | 2006-09-20 10:02:48 | Re: vista |
| Previous Message | Jeremy Drake | 2006-09-20 09:59:38 | Re: [PATCHES] Patch for UUID datatype (beta) |