Damn,
the new EXECUTE command in PL/pgSQL is a security hole. PL/pgSQL is a trusted procedural language,
meaning that regular users can write code in it. With the new EXECUTE command, someone could read and write
arbitrary files under the postgres UNIX-userid using the COPY command.
So it's easy to overwrite the hba config file for regular users. I think we have to restrict the usage of
EXECUTE inside of functions to DB superusers. Meaning, the owner of the function using EXECUTE must be superuser,
not the actual invoker.
More damned - PL/Tcl has the same functionality since ever. And there it isn't that easy to restrict, since it
has a much more generalized SPI interface. What do we do in this case?
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#================================================== JanWieck@Yahoo.com #
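
The restriction proposed in the message above (the owner of a function that uses EXECUTE must be a superuser), expressed as an audit query. This is an added example, not part of the original post; it assumes the system catalogs of current PostgreSQL releases (`pg_proc`, `pg_language`, `pg_namespace`, `pg_roles`).

```sql
-- Added example: list PL/pgSQL functions whose body contains dynamic SQL
-- (EXECUTE) and whose owner is not a superuser, i.e. the functions the
-- proposed rule would reject.
-- Assumption: current PostgreSQL catalog layout (pg_roles.rolsuper,
-- pg_proc.prosrc, pg_proc.prosecdef).
SELECT n.nspname   AS schema_name,
       p.proname   AS function_name,
       r.rolname   AS owner,
       p.prosecdef AS security_definer  -- true: runs with the owner's rights
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
JOIN pg_roles     r ON r.oid = p.proowner
WHERE l.lanname = 'plpgsql'
  AND NOT r.rolsuper
  -- \m and \M are word boundaries in PostgreSQL regular expressions.
  -- This is a textual match on the function source, so it also hits
  -- comments and string literals; treat the result as a review list.
  AND p.prosrc ~* '\mexecute\M'
ORDER BY owner, schema_name, function_name;
```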