| From: | Rod Taylor <rbt(at)rbt(dot)ca> |
|---|---|
| To: | Bruno Wolff III <bruno(at)wolff(dot)to> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: setuid for defaults, constraints and triggers (Was: |
| Date: | 2002-10-31 16:15:31 |
| Message-ID: | 1036080932.94263.23.camel@jester |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On Thu, 2002-10-31 at 10:33, Bruno Wolff III wrote:
> On Thu, Oct 31, 2002 at 10:17:26 -0500,
> Rod Taylor <rbt(at)rbt(dot)ca> wrote:
> > Can't necessarily run them as the table owner, as it may give
> > information to other users with the ability to ALTER that table.
>
> You have to be the table owner to alter a table. So it should be OK
> to have the default expressions and check constraints run as the owner.
Yes, default expressions and check constraints could possibly. However,
both revoke complex expressions (no sub-selects, etc) so there is little
point.
Functions can already suid if you are using them in check constraints
for complex lookups.
An ASSERTION may be appropriate for suid, as would REFERENCES -- but
only when explicitly asked for, and those should run as the constraint
owner NOT as the table owner.
--
Rod Taylor
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruno Wolff III | 2002-10-31 17:15:16 | Re: setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?) |
| Previous Message | scott.marlowe | 2002-10-31 16:06:04 | Re: DAFS? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | scott.marlowe | 2002-10-31 16:33:23 | Re: 7.2.3 vacuum bug |
| Previous Message | Tom Lane | 2002-10-31 16:01:21 | Re: float output precision questions |