Re: Insufficient attention to security in contrib (mostly) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Insufficient attention to security in contrib (mostly)
Date
Msg-id 28392.1188317523@sss.pgh.pa.us
Whole thread Raw
In response to Re: Insufficient attention to security in contrib (mostly)  (Dave Page <dpage@postgresql.org>)
List pgsql-hackers
Dave Page <dpage@postgresql.org> writes:
> Tom Lane wrote:
>> * tablespace-size function requires being owner of current DB.

> I assume superusers will also be able to use it, not just the actual owner?

Right --- it'd be an "ownercheck" call which means that superusers and
anyone who's been granted membership in the owning role will succeed,
not just exact matches to the role OID.

However the privilege-bit alternatives might be easier to manage.
        regards, tom lane


pgsql-hackers by date:

Previous
From: "Heikki Linnakangas"
Date:
Subject: Re: Testing the other tsearch dictionaries
Next
From: Kevin Neufeld
Date:
Subject: PickSplit method of 2 columns ... error