Re: ALTER DOMAIN .. OWNER TO ..

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:51:16
Message-ID: 8053.1039449076@sss.pgh.pa.us
Lists: pgsql-patches

Rod Taylor <rbt(at)rbt(dot)ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please. Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No. The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke". Consider
    echo "rm -rf ~joe" >badscript
    chmod u+sx badscript
    chown joe badscript
    ./badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership. Domains might be too simple to support such
attacks ... at the moment. I don't want to bet that they'll always be
so.

regards, tom lane
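
The following check is an added example, not part of the original message: it creates a setuid file in a scratch directory, tries to hand it to another uid, and reports whether the system refuses the chown or strips the setuid bit when ownership changes. The function name giveaway_check, the harmless file contents and the target uid 65534 (conventionally "nobody") are assumptions made for the example.

```sh
#!/bin/sh
# Added example: how does this system handle "giving away" a setuid file?
# Prints one of: chown-refused, setuid-cleared, setuid-survived, no-setuid-bit.
giveaway_check() (
    dir=$(mktemp -d) || exit 2
    f="$dir/script"
    # Harmless stand-in for the script in the message: it only prints a user name.
    printf '#!/bin/sh\nid -un\n' > "$f"
    chmod u+sx "$f"

    # Assumption: 65534 is the conventional "nobody" uid; use another if that is us.
    target=65534
    if [ "$(id -u)" = "$target" ]; then
        target=65533
    fi

    if [ ! -u "$f" ]; then
        # The filesystem did not keep the setuid bit, so there is nothing to test.
        result=no-setuid-bit
    elif chown "$target" "$f" 2>/dev/null; then
        # Privileged caller: the chown went through. A safe system drops the
        # setuid bit at the moment ownership changes.
        if [ -u "$f" ]; then
            result=setuid-survived
        else
            result=setuid-cleared
        fi
    else
        # Unprivileged caller: ownership cannot be given away at all.
        result=chown-refused
    fi

    rm -rf "$dir"
    echo "$result"
)

giveaway_check
```

A result of setuid-survived would mean the file kept its setuid bit under the new owner, which is the condition the message describes.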
