Thread: CREATE CAST WITHOUT FUNCTION should require superuserness?
CREATE CAST WITHOUT FUNCTION is capable of creating binary equivalences
that will crash the backend when used (eg, between pass-by-value and
pass-by-reference datatypes). The existing restriction that you must
own one of the datatypes hardly seems like an adequate permissions
check ... especially since any unprivileged user is able to create his
own datatypes.
I think it might be a good idea to require superuser permissions to
create a binary-equivalence cast. This is equivalent to the permissions
you'd need to create a dummy C function so as to cause the same failure
without using WITHOUT FUNCTION. Comments?
Also, in the present state of the code a WITHOUT FUNCTION cast does
not work if AS ASSIGNMENT isn't given: parse_coerce.c won't ever find
it. Is this intentional, or just an oversight?
regards, tom lane
Tom Lane writes: > I think it might be a good idea to require superuser permissions to > create a binary-equivalence cast. OK > Also, in the present state of the code a WITHOUT FUNCTION cast does > not work if AS ASSIGNMENT isn't given: parse_coerce.c won't ever find > it. Is this intentional, or just an oversight? It's a transition state that might be inadequately documented. In the near future the code should be restructured to allow for non-implicit binary compatible casts. But currently there are not candidates for that anyway. -- Peter Eisentraut peter_e@gmx.net
Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> Also, in the present state of the code a WITHOUT FUNCTION cast does
>> not work if AS ASSIGNMENT isn't given: parse_coerce.c won't ever find
>> it. Is this intentional, or just an oversight?
> It's a transition state that might be inadequately documented.
Okay. Are you intending to work on it? I was thinking of doing some
cleanup work in parse_coerce, but will refrain from joggling your elbow
if you're going to deal with it.
regards, tom lane
Tom Lane writes: > Okay. Are you intending to work on it? I was thinking of doing some > cleanup work in parse_coerce, but will refrain from joggling your elbow > if you're going to deal with it. Feel free. -- Peter Eisentraut peter_e@gmx.net