From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> |
Cc: | Mark Volpe <volpe(dot)mark(at)epa(dot)gov>, "'Bruce Momjian'" <pgman(at)candle(dot)pha(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: AW: AW: AW: [PATCH] Re: Setuid functions |
Date: | 2001-06-25 15:25:11 |
Message-ID: | 15800.993482711@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers pgsql-patches |
Zeugswetter Andreas SB <ZeugswetterA(at)wien(dot)spardat(dot)at> writes:
> Without making the "definer" need an additional grant for creating such
> a function, it would be like giving him all the privs he has
> "with grant option".
Hmm ... interesting analogy, but does it hold water? The GRANT OPTION
stuff implies the right to pass on your privileges to someone else
*permanently*. A setuid function only lets someone else do the same
things you can do at the time it is called. There's nothing there that
couldn't be done by having the one user ask the other to do something
using an outside-the-database communication channel. So I really don't
see a security issue.
I also don't see any privilege of this type in SQL92 (which does have
the concept of setuid functions, in the form of modules).
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Barry Lind | 2001-06-25 15:42:47 | Re: [HACKERS] Instrumenting and Logging in JDBC |
Previous Message | Joe Conway | 2001-06-25 15:17:24 | Fw: AW: Re: [SQL] behavior of ' = NULL' vs. MySQL vs. Stand ards |
From | Date | Subject | |
---|---|---|---|
Next Message | Barry Lind | 2001-06-25 15:39:22 | Re: [ADMIN] High memory usage [PATCH] |
Previous Message | Zeugswetter Andreas SB | 2001-06-25 15:00:37 | AW: AW: AW: [PATCH] Re: Setuid functions |