Rod Taylor <rbt(at)rbt(dot)ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please. Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?
> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?
No. The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.
> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.
Try "3), without it, filesystem security is a joke". Consider
    echo "rm -rf ~joe" >badscript
    chmod u+sx badscript
    chown joe badscript
PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership. Domains might be too simple to support such
attacks ... at the moment. I don't want to bet that they'll always be

regards, tom lane
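
An audit query for the PostgreSQL side of this argument, added here as an example and not part of the original message or of the PostgreSQL project's code. It assumes a current PostgreSQL system catalog and lists SECURITY DEFINER functions, which execute with their owner's privileges in the way the setuid script above runs as its file owner, so a function owned by a more privileged role than expected is visible.

```sql
-- Added example, not from the original thread.
-- A SECURITY DEFINER function runs with the privileges of its owner, so the
-- owner column is the security-relevant one: changing it changes whose
-- privileges the function body executes with.
SELECT n.nspname            AS schema_name,
       p.oid::regprocedure  AS function_signature,
       r.rolname            AS owner,
       r.rolsuper           AS owner_is_superuser,
       l.lanname            AS language,
       -- NULL proacl means default privileges, which for functions
       -- includes EXECUTE granted to PUBLIC.
       p.proacl IS NULL     AS default_execute_acl
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_roles r     ON r.oid = p.proowner
JOIN   pg_language l  ON l.oid = p.prolang
WHERE  p.prosecdef                                   -- SECURITY DEFINER only
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER  BY r.rolsuper DESC, n.nspname, function_signature;
```

Rows where owner_is_superuser and default_execute_acl are both true deserve review first, since any role can call them with superuser rights.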