Home > mailing lists

Re: [HACKERS] [PATCH] Re: Setuid functions - Mailing list pgsql-patches

From	Mark Volpe
Subject	Re: [HACKERS] [PATCH] Re: Setuid functions
Date	July 13, 2001 12:24:04
Msg-id	3B4EF66D.476A256D@epa.gov Whole thread Raw
In response to	Re: [HACKERS] [PATCH] Re: Setuid functions (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-patches

Tree view

Might as well just get rid of that one; Peter's right about the security hole.

The simplest fix I see is to allow SET AUTHORIZATION only in superuser-owned
functions. It would still be potentially useful that way. Doing this the
"right" way (with users needing regrantable privileges, etc.) would involve
too much effort for too little reward, IMHO.

(Repost - I don't think this made it to the list)

Mark

Bruce Momjian wrote:
>
> I am backing out this SET AUTHORIZATION patch until we can resolve the
> security issues.  It will remain in the patch queue at:
>
>         http://candle.pha.pa.us/cgi-bin/pgpatches
>

pgsql-patches by date:

From: Bruce Momjian
Date: 13 July 2001, 01:24:15
Subject: Re: [JDBC] Patch for handling long null terminated strings in JDBC driver

From: Anders Bengtsson
Date: 13 July 2001, 13:17:58
Subject: Re: [JDBC] [PATCH] Cleanup of JDBC character encoding

Re: [HACKERS] [PATCH] Re: Setuid functions - Mailing list pgsql-patches

Previous

Next