On Fri, 8 Sep 2000, Tom Lane wrote:
> "Mark Hollomon" <mhh@nortelnetworks.com> writes:
> > ALTER TABLE <table> OWNER TO <newowner>
>
> > The owner of a table will be able to change the owner to any other user.
>
> Doesn't this create risks parallel to file give-away (chown) in Unix?
> A lot of Unices disallow chown except to the superuser.
Agreed ...
> Tables aren't currently active objects, but we've been talking about
> things like making trigger functions run "setuid" to the table owner.
> If that happens then table ownership giveaway is a big security hole.
>
> > The superuser will NOT have special privileges.
>
> Say *what* ? That's just silly.
*Only* superuser should be able to run the above command ...
