Home > mailing lists

Re: setuid for defaults, constraints and triggers (Was: - Mailing list pgsql-hackers

From	Rod Taylor
Subject	Re: setuid for defaults, constraints and triggers (Was:
Date	October 31, 2002 14:14:56
Msg-id	1036080932.94263.23.camel@jester Whole thread Raw
In response to	Re: setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?) (Bruno Wolff III <bruno@wolff.to>)
Responses	Re: setuid for defaults, constraints and triggers (Was: What user to [sic] defaults execute as?)
List	pgsql-hackers

Tree view

On Thu, 2002-10-31 at 10:33, Bruno Wolff III wrote:
> On Thu, Oct 31, 2002 at 10:17:26 -0500,
>   Rod Taylor <rbt@rbt.ca> wrote:
> > Can't necessarily run them as the table owner, as it may give
> > information to other users with the ability to ALTER that table.
> 
> You have to be the table owner to alter a table. So it should be OK
> to have the default expressions and check constraints run as the owner.

Yes, default expressions and check constraints could possibly.  However,
both revoke complex expressions (no sub-selects, etc) so there is little
point.

Functions can already suid if you are using them in check constraints
for complex lookups.

An ASSERTION may be appropriate for suid, as would REFERENCES -- but
only when explicitly asked for, and those should run as the constraint
owner NOT as the table owner.

--  Rod Taylor

pgsql-hackers by date:

From: Tom Lane
Date: 31 October 2002, 14:01:26
Subject: Re: float output precision questions

From: "scott.marlowe"
Date: 31 October 2002, 14:43:36
Subject: Re: 7.2.3 vacuum bug

Re: setuid for defaults, constraints and triggers (Was: - Mailing list pgsql-hackers

Previous

Next