Skip site navigation (1) Skip section navigation (2)

Re: ALTER DOMAIN .. OWNER TO ..

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:51:16
Message-ID: 8053.1039449076@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
Rod Taylor <rbt(at)rbt(dot)ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please.  Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No.  The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke".  Consider
	echo "rm -rf ~joe" >badscript
	chmod u+sx badscript
	chown joe badscript
	./badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership.  Domains might be too simple to support such
attacks ... at the moment.  I don't want to bet that they'll always be
so.

			regards, tom lane

In response to

pgsql-patches by date

Next:From: Bruce MomjianDate: 2002-12-09 17:26:52
Subject: Re: [PATCHES] Patch to make Turks happy.
Previous:From: Rod TaylorDate: 2002-12-09 15:48:16
Subject: Re: ALTER DOMAIN .. OWNER TO ..

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group