Skip site navigation (1) Skip section navigation (2)


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rod Taylor <rbt(at)rbt(dot)ca>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: ALTER DOMAIN .. OWNER TO ..
Date: 2002-12-09 15:51:16
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-patches
Rod Taylor <rbt(at)rbt(dot)ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please.  Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No.  The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke".  Consider
	echo "rm -rf ~joe" >badscript
	chmod u+sx badscript
	chown joe badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership.  Domains might be too simple to support such
attacks ... at the moment.  I don't want to bet that they'll always be

			regards, tom lane

In response to

pgsql-patches by date

Next:From: Bruce MomjianDate: 2002-12-09 17:26:52
Subject: Re: [PATCHES] Patch to make Turks happy.
Previous:From: Rod TaylorDate: 2002-12-09 15:48:16
Subject: Re: ALTER DOMAIN .. OWNER TO ..

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group