| From: | Thomas Hallgren <thomas(at)tada(dot)se> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Kris Jurka <books(at)ejurka(dot)com>, pljava-dev(at)pgfoundry(dot)org, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: [Pljava-dev] Should creating a new base type require superuser status? |
| Date: | 2008-08-01 20:43:53 |
| Message-ID: | 48937589.10304@tada.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pljava-dev |
It seems perfectly safe to me too for the reason that Kris mentions.
Tom, could you please elaborate where you see a security hole?
Regards,
Thomas Hallgren
Tom Lane wrote:
> Kris Jurka <books(at)ejurka(dot)com> writes:
>
>> On Wed, 30 Jul 2008, Alvaro Herrera wrote:
>>
>>> I do agree that creating base types should require a superuser though.
>>> It too seems dangerous just on principle, even if today there's no
>>> actual hole (that we already know of).
>>>
>
>
>> pl/java already allows non-superusers to create functions returning
>> cstring and base types built off of these functions.
>>
>
> So in other words, if pl/java is installed we have a security hole
> a mile wide.
>
> regards, tom lane
> _______________________________________________
> Pljava-dev mailing list
> Pljava-dev(at)pgfoundry(dot)org
> http://pgfoundry.org/mailman/listinfo/pljava-dev
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-08-01 21:42:41 | Re: Re: [Pljava-dev] Should creating a new base type require superuser status? |
| Previous Message | Robert Lor | 2008-08-01 20:42:23 | Re: Review: DTrace probes (merged version) ver_03 |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-08-01 21:42:41 | Re: Re: [Pljava-dev] Should creating a new base type require superuser status? |
| Previous Message | Tom Lane | 2008-07-31 21:23:14 | Re: Should creating a new base type require superuser status? |