Re: [Pljava-dev] Should creating a new base type require superuser status? - Mailing list pgsql-hackers

Thomas Hallgren · August 1, 2008 21:00:33

It seems perfectly safe to me too for the reason that Kris mentions.

Tom, could you please elaborate where you see a security hole?

Regards,
Thomas Hallgren

Tom Lane wrote:
> Kris Jurka <books@ejurka.com> writes:
>   
>> On Wed, 30 Jul 2008, Alvaro Herrera wrote:
>>     
>>> I do agree that creating base types should require a superuser though.
>>> It too seems dangerous just on principle, even if today there's no
>>> actual hole (that we already know of).
>>>       
>
>   
>> pl/java already allows non-superusers to create functions returning 
>> cstring and base types built off of these functions.
>>     
>
> So in other words, if pl/java is installed we have a security hole
> a mile wide.
>
>             regards, tom lane
> _______________________________________________
> Pljava-dev mailing list
> Pljava-dev@pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pljava-dev
>   

From	Thomas Hallgren
Subject	Re: [Pljava-dev] Should creating a new base type require superuser status?
Date	August 1, 2008 21:00:33
Msg-id	48937589.10304@tada.se Whole thread Raw
In response to	Re: Should creating a new base type require superuser status? (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: Re: [Pljava-dev] Should creating a new base type require superuser status? (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Re: [Pljava-dev] Should creating a new base type require superuser status? - Mailing list pgsql-hackers

Previous

Next