Permissions on aggregate component functions

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-hackers(at)postgreSQL(dot)org
Subject: Permissions on aggregate component functions
Date: 2005-01-27 20:27:54
Message-ID: 23863.1106857674@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

I just noticed that there is no permission check anywhere in CREATE
AGGREGATE concerning the aggregate's transition and final functions.
This means anyone can trivially bypass the function EXECUTE permission
check: just make an aggregate function to call it for you. (Now, this
works only for functions whose signature fits what an aggregate
expects, but for most one- and two-argument functions you can do it.)

Clearly this is a must-fix issue, but I'm wondering exactly where the
check should be enforced. Is it sufficient to check at the time of
CREATE AGGREGATE that the creator has appropriate rights, or do we need
to do it every time the aggregate is used?

regards, tom lane

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2005-01-27 20:32:39 Re: Security Release Packaging ...
Previous Message Marc G. Fournier 2005-01-27 20:10:25 Security Release Packaging ...