Zeugswetter Andreas SB <ZeugswetterA@wien.spardat.at> writes:
> I am not sure whether the feature does not actually present a security
> hole ? Two collaborating users can pass each other their privileges.
I don't see any (new) security risk here. Code written by one user can
be executed with the privileges of another --- so what? That's the
situation now, with non-setuid functions.
> And why not use the existing "set session authorization ..." syntax?
That syntax implies setting authorization permanently (for the rest of
the session). If we take over that syntax to mean local privilege
change inside a function, then it'd be impossible to let a function do a
global change in the future. Not sure if we ever want that, but I don't
think we should foreclose the possibility by using the same syntax to
mean two different things.
regards, tom lane
