Re: Insufficient attention to security in contrib (mostly)

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Dave Page <dpage(at)postgresql(dot)org>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Insufficient attention to security in contrib (mostly)
Date: 2007-08-28 16:12:03
Message-ID: 28392.1188317523@sss.pgh.pa.us
Lists: pgsql-hackers

Dave Page <dpage(at)postgresql(dot)org> writes:
> Tom Lane wrote:
>> * tablespace-size function requires being owner of current DB.

> I assume superusers will also be able to use it, not just the actual owner?

Right --- it'd be an "ownercheck" call which means that superusers and
anyone who's been granted membership in the owning role will succeed,
not just exact matches to the role OID.

However the privilege-bit alternatives might be easier to manage.

regards, tom lane
