Re: OWNER TO on all objects - Mailing list pgsql-hackers

From Tom Lane
Subject Re: OWNER TO on all objects
Date
Msg-id 22717.1087401598@sss.pgh.pa.us
Whole thread Raw
In response to Re: OWNER TO on all objects  (Christopher Kings-Lynne <chriskl@familyhealth.com.au>)
Responses Re: OWNER TO on all objects
List pgsql-hackers
Christopher Kings-Lynne <chriskl@familyhealth.com.au> writes:
>> No, you don't.  That allows non-superusers to give away object
>> ownership, which is well-established as a security hole; Unix
>> filesystems stopped doing it years ago.

> I worded that badly.  I meant "allow a user to change the owner of 
> something to what it already is".  ie. Just make the no-op allowed by 
> everyone.  session_auth already does this.

Ah.  Okay, no objection to that.  (In fact I believe we put in the
special case for session_auth for exactly the same reason.)
        regards, tom lane


pgsql-hackers by date:

Previous
From: Christopher Kings-Lynne
Date:
Subject: Re: OWNER TO on all objects
Next
From: Andrew Dunstan
Date:
Subject: PlPerlNG - first alpha code