| From: | tgl(at)postgresql(dot)org (Tom Lane) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Document that CREATE OPERATOR CLASS amounts to granting public |
| Date: | 2006-01-13 18:10:25 |
| Message-ID: | 20060113181025.5021D9DD72E@postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Log Message:
-----------
Document that CREATE OPERATOR CLASS amounts to granting public execute
permissions on the functions and operators contained in the opclass.
Since we already require superuser privilege to create an operator class,
there's no expansion-of-privilege hazard here, but if someone were to get
the idea of building an opclass containing functions that need security
restrictions, we'd better warn them off. Also, change the permission
checks from have-execute-privilege to have-ownership, and then comment
them all out since they're dead code anyway under the superuser restriction.
Modified Files:
--------------
pgsql/doc/src/sgml/ref:
create_opclass.sgml (r1.13 -> r1.14)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_opclass.sgml.diff?r1=1.13&r2=1.14)
pgsql/src/backend/commands:
opclasscmds.c (r1.40 -> r1.41)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/opclasscmds.c.diff?r1=1.40&r2=1.41)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-01-13 21:32:12 | pgsql: Remove logic in XactLockTableWait() that attempted to mark a |
| Previous Message | Tom Lane | 2006-01-13 18:06:45 | pgsql: Require the issuer of CREATE TYPE to own the functions mentioned |