| From: | Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr> |
|---|---|
| To: | Christopher Browne <cbbrowne(at)gmail(dot)com> |
| Cc: | Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Getting rid of pg_pltemplate |
| Date: | 2011-08-23 20:16:01 |
| Message-ID: | m2pqjvopdq.fsf@2ndQuadrant.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Christopher Browne <cbbrowne(at)gmail(dot)com> writes:
> Actually, this is somewhat more like UNIX setuid (2).
>
> When I first started using SECURITY DEFINER functions, I thought of it
> as being "like sudo." But it's really "like setuid".
I see SECURITY DEFINER functions definitely as setuid for PostgreSQL,
but I was thinking about this CREATE EXTENSION thing more like sudo. In
the former case, you manage the rights on the object (script, function),
in the latter case you manage the rights on the command issued.
Well I guess it's a very thin line here. But maybe the parameter could
be called security_definer, knowing that the control files are a
superuser privilege thing (so the definer needs to be a superuser
granted the postgres system user).
Maybe run_script_with_superuser is more explicit for the situation though.
Regards,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2011-08-23 20:17:36 | Re: skip WAL on COPY patch |
| Previous Message | Dimitri Fontaine | 2011-08-23 20:11:57 | Re: Getting rid of pg_pltemplate |