From: | tgl(at)postgresql(dot)org (Tom Lane) |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Require superuser privilege to create base types (but not |
Date: | 2008-07-31 16:27:17 |
Message-ID: | 20080731162717.1409C754A86@cvs.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Log Message:
-----------
Require superuser privilege to create base types (but not composites, enums,
or domains). This was already effectively required because you had to own
the I/O functions, and the I/O functions pretty much have to be written in
C since we don't let PL functions take or return cstring. But given the
possible security consequences of a malicious type definition, it seems
prudent to enforce superuser requirement directly. Per recent discussion.
Modified Files:
--------------
pgsql/doc/src/sgml/ref:
create_type.sgml (r1.76 -> r1.77)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_type.sgml?r1=1.76&r2=1.77)
pgsql/src/backend/commands:
typecmds.c (r1.121 -> r1.122)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/typecmds.c?r1=1.121&r2=1.122)
From | Date | Subject | |
---|---|---|---|
Next Message | User Bloodnok | 2008-07-31 19:34:13 | veil - veil: Documentation updates, and improved logging in |
Previous Message | User Jbcooley | 2008-07-31 02:55:19 | npgsql - Npgsql2: Updates to SQL generation. |