Re: reuse sysids security hole? - Mailing list pgsql-hackers

From Andrew Dunstan
Subject Re: reuse sysids security hole?
Date
Msg-id 3F3A242F.3030003@dunslane.net
Whole thread Raw
In response to Re: reuse sysids security hole?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: reuse sysids security hole?
List pgsql-hackers
Regarding second item, I don't think  anyone suggested autodropping 
objects, or else I misunderstood. (That would be dangerous, to say the 
least, IMHO). There were suggestions of reparenting objects, and warning 
of  objects losing ownership, although feasibility questions remain.  
(I'm still convinced something sensible can be done, though. I did have 
an idea of keeping a reference count of owned objects in the shadow 
table, but it just seemed too ugly and error prone and not worth it).

So maybe a better generic wording for TODO would be

* Better handling of dropping a user who owns objects.

andrew


Tom Lane wrote:

>Bruce Momjian <pgman@candle.pha.pa.us> writes:
>  
>
>>Can I have a TODO for this?
>>    
>>
>
>* Prevent accidental re-use of sysids for dropped users and groups
>
>The other part of the thread was something like
>
>* Prevent dropping user that still owns objects, or auto-drop the objects
>
>which if successful would eliminate the need to worry about sysid reuse,
>but I really don't see a feasible implementation at the moment.
>
>            regards, tom lane
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>
>  
>



pgsql-hackers by date:

Previous
From: "Christopher Kings-Lynne"
Date:
Subject: HISTORY
Next
From: Tom Lane
Date:
Subject: Re: Parsing speed (was Re: pgstats_initstats() cost)