allowing privileges on untrusted languages - Mailing list pgsql-hackers

From Peter Eisentraut
Subject allowing privileges on untrusted languages
Date
Msg-id 1357905627.24219.6.camel@vanquo.pezone.net
Whole thread Raw
Responses Re: allowing privileges on untrusted languages
Re: allowing privileges on untrusted languages
List pgsql-hackers
Here is a proposed patch for the issue discussed in
<http://archives.postgresql.org/pgsql-hackers/2012-07/msg00569.php>:

        I'd propose getting rid of lanplistrusted, at least for access
        checking.  Instead, just don't install USAGE privileges by
        default for those languages.

        The reason is that there is value in having a role that can
        deploy
        schemas, possibly containing functions in untrusted languages,
        without having to be a full superuser.  Just like you can have a
        user that can create roles without being a superuser.

It turned out that actually getting rid of lanpltrusted would be too
invasive, especially because some language handlers use it to determine
their own behavior.

So instead the lanpltrusted attribute now just determined what the
default privileges of the language are, and all the checks the require
superuserness to do anything with untrusted languages are removed.


Attachment

pgsql-hackers by date:

Previous
From: Pavel Stehule
Date:
Subject: bugfix: --echo-hidden is not supported by \sf statements
Next
From: Amit Kapila
Date:
Subject: Re: Performance Improvement by reducing WAL for Update Operation