Re: [HACKERS] [PATCH] Re: Setuid functions - Mailing list pgsql-patches

From Mark Volpe
Subject Re: [HACKERS] [PATCH] Re: Setuid functions
Date
Msg-id 3B4DEF3D.AF19D7D1@epa.gov
Whole thread Raw
In response to Re: [HACKERS] [PATCH] Re: Setuid functions  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-patches
Might as well just get rid of that one; Peter's right about the security hole.

The simplest fix I see is to allow SET AUTHORIZATION only in superuser-owned
functions. It would still be potentially useful that way. Doing this the
"right" way (with users needing regrantable privileges, etc.) would involve
too much effort for too little reward, IMHO.

Mark

Bruce Momjian wrote:
>
> I am backing out this SET AUTHORIZATION patch until we can resolve the
> security issues.  It will remain in the patch queue at:
>
>         http://candle.pha.pa.us/cgi-bin/pgpatches
>

pgsql-patches by date:

Previous
From: Martijn van Oosterhout
Date:
Subject: Patch to add support for partial indices
Next
From: Mark Volpe
Date:
Subject: Re: Re: [HACKERS] [PATCH] Re: Setuid functions