| From: | tgl(at)postgresql(dot)org (Tom Lane) | 
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org | 
| Subject: | pgsql: Require the issuer of CREATE TYPE to own the functions mentioned | 
| Date: | 2006-01-13 18:06:45 | 
| Message-ID: | [email protected] | 
| Lists: | pgsql-committers | 
Log Message:
-----------
Require the issuer of CREATE TYPE to own the functions mentioned in the
type definition.  Because use of a type's I/O conversion functions isn't
access-checked, CREATE TYPE amounts to granting public execute permissions
on the functions, and so allowing it to anybody means that someone could
theoretically gain access to a function he's not supposed to be able to
execute.  The parameter-type restrictions already enforced by CREATE TYPE
make it fairly unlikely that this oversight is meaningful in practice,
but still it seems like a good idea to plug the hole going forward.
Also, document the implicit grant just in case anybody gets the idea of
building I/O functions that might need security restrictions.
Modified Files:
--------------
    pgsql/doc/src/sgml/ref:
        create_type.sgml (r1.59 -> r1.60)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_type.sgml.diff?r1=1.59&r2=1.60)
    pgsql/src/backend/commands:
        typecmds.c (r1.85 -> r1.86)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/typecmds.c.diff?r1=1.85&r2=1.86)
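
An audit query for the condition this commit guards against, added here as an example and not taken from the commit or the PostgreSQL sources: it lists user-defined base types whose I/O functions are owned by a role other than the type's owner. It assumes a PostgreSQL release with LATERAL support (9.3 or later); the output column names are illustrative.

```sql
-- Added example: find base types whose I/O conversion functions belong to a
-- different role than the type itself. Because use of those functions is not
-- access-checked, each row is a function that the type effectively exposes
-- to everyone, regardless of its own ACL.
SELECT n.nspname                   AS type_schema,
       t.typname                   AS type_name,
       pg_get_userbyid(t.typowner) AS type_owner,
       f.io_kind,
       p.oid::regprocedure         AS io_function,
       pg_get_userbyid(p.proowner) AS function_owner,
       p.proacl                    AS function_acl   -- NULL means default privileges
FROM pg_type t
JOIN pg_namespace n ON n.oid = t.typnamespace
CROSS JOIN LATERAL (VALUES
       ('input',   t.typinput::oid),
       ('output',  t.typoutput::oid),
       ('receive', t.typreceive::oid),   -- 0 when the type has no binary input
       ('send',    t.typsend::oid)       -- 0 when the type has no binary output
     ) AS f(io_kind, fn_oid)
JOIN pg_proc p ON p.oid = f.fn_oid       -- drops the 0 (absent) entries
WHERE t.typtype = 'b'                    -- base types only
  AND t.typcategory <> 'A'               -- skip auto-created array types (array_in etc.)
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND p.proowner <> t.typowner
ORDER BY type_schema, type_name, io_kind;
```

An empty result means every user-defined base type in the current database uses I/O functions owned by the type's own owner.
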