Re: minor feature request: Secure defaults during

From: Markus Schaber <schabi(at)logix-tt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: minor feature request: Secure defaults during
Date: 2006-09-20 09:59:52
Message-ID: 45111118.5090305@logix-tt.com
Lists: pgsql-hackers

Hi, Martijn,

Martijn van Oosterhout wrote:

> Someone writing SECURITY DEFINER in their function definition has to be
> understood to know what they're doing. After all, "chmod +s" doesn't
> reset global execute permissions either, because that would be far too
> confusing. The same applies here IMHO. The whole point is to be
> executed by other users.

But I have the possibility to "chmod a-x" before "chmod +s" the file.

Maybe we should add "[NOT] PUBLICLY EXECUTABLE"[1] keywords to CREATE
FUNCTION, with the default being the current behaviour for now (possibly
configurable). Add an appropriate note in the docs for CREATE FUNCTION,
so users are informed about the security implications.

[1] alternative spelling proposals: "[NOT] PUBLIC" or "PUBLIC | PRIVATE"
Thinking about it, "CREATE [OR REPLACE] [PUBLIC|PRIVATE] FUNCTION ..."
seems the "most sexy" variant in my eyes.

HTH,
Markus

--
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf. | Software Development GIS

Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org

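The "chmod a-x before chmod +s" ordering Markus asks for cannot be expressed literally in PostgreSQL, because EXECUTE can only be revoked from a function that already exists. The following is an added example (not from this thread and not PostgreSQL project code) showing how a practitioner closes that window today: create the SECURITY DEFINER function and revoke the default PUBLIC EXECUTE inside one transaction, so no other session ever sees the function in its publicly callable state. The role, schema, table and function names (app_user, audit, audit.events, audit.log_event) are assumptions. The SET search_path clause on CREATE FUNCTION and the ALTER DEFAULT PRIVILEGES statement at the end postdate this 2006 discussion (8.3 and 9.0 respectively); the latter is the "configurable default" proposed above, applied per creating role and schema.

```sql
-- Added example: PostgreSQL equivalent of "chmod a-x" then "chmod +s".
-- Run as the role that will own the function.  All names are assumed.

BEGIN;

CREATE ROLE app_user NOLOGIN;          -- the only role meant to call the function

CREATE SCHEMA audit;
CREATE TABLE audit.events (
    id      serial PRIMARY KEY,
    actor   text NOT NULL DEFAULT current_user,
    message text NOT NULL
);

-- Every new function is executable by PUBLIC by default, so until the REVOKE
-- below runs this SECURITY DEFINER function is callable by any role.  Keeping
-- CREATE and REVOKE in the same transaction means other sessions only ever
-- see the function with its final, restricted privileges.
CREATE OR REPLACE FUNCTION audit.log_event(msg text) RETURNS void AS $$
    INSERT INTO audit.events (message) VALUES (msg);
$$ LANGUAGE sql
   SECURITY DEFINER
   SET search_path = pg_catalog, pg_temp;   -- 8.3+: callers cannot redirect unqualified names

REVOKE ALL ON FUNCTION audit.log_event(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION audit.log_event(text) TO app_user;

COMMIT;

-- Check: the ACL should list only the owner and app_user with EXECUTE ("X").
SELECT proname, proacl
  FROM pg_proc
 WHERE oid = 'audit.log_event(text)'::regprocedure;

-- 9.0+: make "not publicly executable" the default for functions this role
-- creates in the audit schema, which is the configurable default proposed above.
ALTER DEFAULT PRIVILEGES IN SCHEMA audit REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
```

Note that ALTER DEFAULT PRIVILEGES only affects objects created afterwards by the role that issued it (or the role named with FOR ROLE); existing functions keep whatever ACL they already have, and the explicit REVOKE remains the check to run when reviewing a SECURITY DEFINER function.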