Home > mailing lists

Re: [BUGS] permissions denial to superuser with foreign keys - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: [BUGS] permissions denial to superuser with foreign keys
Date	November 4, 2017 01:47:50
Msg-id	12118.1509738470@sss.pgh.pa.us Whole thread Raw
In response to	[BUGS] permissions denial to superuser with foreign keys (Jeff Janes <jeff.janes@gmail.com>)
List	pgsql-bugs

Tree view

Jeff Janes <jeff.janes@gmail.com> writes:
> I thought superusers bypassed permissions checks, but was surprised where
> in this case they do not:

This amounts to asking for superuser permissions to propagate into
SECURITY DEFINER functions called by the superuser, which strikes me
as an utterly horrid idea.

(RI triggers aren't actually implemented with the SECURITY DEFINER
mechanism, but they act like they are.)
        regards, tom lane


-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

pgsql-bugs by date:

From: Jeff Janes
Date: 04 November 2017, 01:42:42
Subject: [BUGS] permissions denial to superuser with foreign keys

From: vtap@club-internet.fr
Date: 06 November 2017, 00:33:52
Subject: [BUGS] BUG #14887: initdb.exe seems to be infected by a virus

Re: [BUGS] permissions denial to superuser with foreign keys - Mailing list pgsql-bugs

Previous

Next