Home > mailing lists

Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Insufficient attention to security in contrib (mostly)
Date	August 28, 2007 16:12:17
Msg-id	28392.1188317523@sss.pgh.pa.us Whole thread Raw
In response to	Re: Insufficient attention to security in contrib (mostly) (Dave Page <dpage@postgresql.org>)
List	pgsql-hackers

Tree view

Dave Page <dpage@postgresql.org> writes:
> Tom Lane wrote:
>> * tablespace-size function requires being owner of current DB.

> I assume superusers will also be able to use it, not just the actual owner?

Right --- it'd be an "ownercheck" call which means that superusers and
anyone who's been granted membership in the owning role will succeed,
not just exact matches to the role OID.

However the privilege-bit alternatives might be easier to manage.
        regards, tom lane

pgsql-hackers by date:

From: "Heikki Linnakangas"
Date: 28 August 2007, 15:50:56
Subject: Re: Testing the other tsearch dictionaries

From: Kevin Neufeld
Date: 28 August 2007, 16:22:40
Subject: PickSplit method of 2 columns ... error

Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

Previous

Next