| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Kris Jurka <books(at)ejurka(dot)com> |
| Cc: | Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-hackers(at)postgreSQL(dot)org, pljava-dev(at)pgfoundry(dot)org |
| Subject: | Re: Should creating a new base type require superuser status? |
| Date: | 2008-07-31 21:23:14 |
| Message-ID: | 23846.1217539394@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pljava-dev |
Kris Jurka <books(at)ejurka(dot)com> writes:
> On Wed, 30 Jul 2008, Alvaro Herrera wrote:
>> I do agree that creating base types should require a superuser though.
>> It too seems dangerous just on principle, even if today there's no
>> actual hole (that we already know of).
> pl/java already allows non-superusers to create functions returning
> cstring and base types built off of these functions.
So in other words, if pl/java is installed we have a security hole
a mile wide.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2008-07-31 22:19:29 | Re: Review: DTrace probes (merged version) ver_03 |
| Previous Message | Alvaro Herrera | 2008-07-31 21:08:41 | Re: Review: DTrace probes (merged version) ver_03 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Hallgren | 2008-08-01 20:43:53 | Re: [Pljava-dev] Should creating a new base type require superuser status? |
| Previous Message | Kris Jurka | 2008-07-31 19:45:13 | Re: Should creating a new base type require superuser status? |