Thread: ALTER DOMAIN .. OWNER TO ..

ALTER DOMAIN .. OWNER TO ..

From
Rod Taylor
Date:
Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
"Christopher Kings-Lynne"
Date:
What about the owner of the schema?

Chris

----- Original Message -----
From: "Rod Taylor" <rbt@rbt.ca>
To: "PostgreSQL Patches" <pgsql-patches@postgresql.org>
Sent: Sunday, December 08, 2002 6:19 PM
Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..


Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
"Christopher Kings-Lynne"
Date:
DOH!  I mean, what about the owner of the domain? :)

Chris

----- Original Message -----
From: "Rod Taylor" <rbt@rbt.ca>
To: "PostgreSQL Patches" <pgsql-patches@postgresql.org>
Sent: Sunday, December 08, 2002 6:19 PM
Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..


Allow change of ownership in a domain.

Either a superuser or owner of the schema may change the owner of the
domain.

--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
Rod Taylor
Date:
On Sun, 2002-12-08 at 22:31, Christopher Kings-Lynne wrote:
> DOH!  I mean, what about the owner of the domain? :)

Alter table doesn't even allow the owner of the schema to change the
table owner.

Anyway...  Unix has never allowed you to give away your own stuff to
others on the filesystem.  I'm sure there is a good reason for that :)

> ----- Original Message -----
> From: "Rod Taylor" <rbt@rbt.ca>
> To: "PostgreSQL Patches" <pgsql-patches@postgresql.org>
> Sent: Sunday, December 08, 2002 6:19 PM
> Subject: [PATCHES] ALTER DOMAIN .. OWNER TO ..
>
>
> Allow change of ownership in a domain.
>
> Either a superuser or owner of the schema may change the owner of the
> domain.
--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
Tom Lane
Date:
Rod Taylor <rbt@rbt.ca> writes:
> Either a superuser or owner of the schema may change the owner of the
> domain.

Superuser only, please.  Or are you not familiar with the reasons why
most Unixen do not allow one to "give away" ownership of a file?

            regards, tom lane

Re: ALTER DOMAIN .. OWNER TO ..

From
Rod Taylor
Date:
On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> Rod Taylor <rbt@rbt.ca> writes:
> > Either a superuser or owner of the schema may change the owner of the
> > domain.
>
> Superuser only, please.  Or are you not familiar with the reasons why
> most Unixen do not allow one to "give away" ownership of a file?

Not schema owner?

Isn't the schema owner considered a 'superuser' of their own area?

The two reasons I know of are 1) quotas, and 2) people breaking in
hiding their work.

We don't have quotas, and if the schema owner is 'super user' in their
area, then they'll always be able to find it -- though I can understand
not allowing change of owner on the schema by the schema owner (database
owner and super users only...).


Anyway, I'll submit the change for it to be superuser only -- and will
debate that the database owner should be superuser for their database
later.

--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
Rod Taylor
Date:
Only superuser may change ownership...

On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> Rod Taylor <rbt@rbt.ca> writes:
> > Either a superuser or owner of the schema may change the owner of the
> > domain.
>
> Superuser only, please.  Or are you not familiar with the reasons why
> most Unixen do not allow one to "give away" ownership of a file?
>
>             regards, tom lane
--
Rod Taylor <rbt@rbt.ca>

PGP Key: http://www.rbt.ca/rbtpub.asc


Re: ALTER DOMAIN .. OWNER TO ..

From
Tom Lane
Date:
Rod Taylor <rbt@rbt.ca> writes:
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
>> Superuser only, please.  Or are you not familiar with the reasons why
>> most Unixen do not allow one to "give away" ownership of a file?

> Not schema owner?
> Isn't the schema owner considered a 'superuser' of their own area?

No.  The schema owner has the right to drop an item in their schema (and
maybe to rename it, I forget) but not the right to alter its properties.
This is exactly analogous to what a Unix directory owner can do to a
contained file he doesn't own.

> The two reasons I know of are 1) quotas, and 2) people breaking in
> hiding their work.

Try "3), without it, filesystem security is a joke".  Consider
    echo "rm -rf ~joe" >badscript
    chmod u+sx badscript
    chown joe badscript
    ./badscript

PG would be vulnerable to similar sorts of attacks if we allowed giving
away function ownership.  Domains might be too simple to support such
attacks ... at the moment.  I don't want to bet that they'll always be
so.

            regards, tom lane
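
The protection described in the message above can be checked from the defender's side. This is an added example, not part of the original thread: it creates a throwaway, empty setuid file and reports whether the system refuses the chown or strips the setuid bit. The target uid 65534 and the fallback 65533 are assumptions, and the expected Linux outcomes are `refused` for ordinary users and `stripped` for root.

```shell
#!/bin/sh
# Added example: probe how this system handles giving away a setuid file.
# Prints one verdict:
#   refused  - chown to another uid was denied (typical for ordinary users)
#   stripped - chown succeeded but the setuid bit was cleared
#   kept     - chown succeeded and the setuid bit survived (the dangerous case)

giveaway_check() {
    target_uid=${1:-65534}          # assumption: some uid other than ours
    # If we happen to be that uid, pick a different one so the probe is real.
    [ "$(id -u)" = "$target_uid" ] && target_uid=65533

    dir=$(mktemp -d) || return 2
    probe="$dir/probe"
    : > "$probe"                    # empty file: nothing here is ever executed
    chmod 4755 "$probe"             # setuid + executable, owned by the caller

    if chown "$target_uid" "$probe" 2>/dev/null; then
        # Field 1 of `ls -ln` is the mode string; character 4 is s/S if setuid.
        mode=$(ls -ln "$probe" | awk '{print $1}')
        case $mode in
            ???[sS]*) verdict=kept ;;
            *)        verdict=stripped ;;
        esac
    else
        verdict=refused
    fi

    rm -rf "$dir"
    echo "$verdict"
}

giveaway_check "$@"
```

A `kept` verdict means a file's owner can be changed while it stays setuid, which is the condition the `badscript` sequence relies on.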

Re: ALTER DOMAIN .. OWNER TO ..

From
Bruce Momjian
Date:
Your patch has been added to the PostgreSQL unapplied patches list at:

    http://momjian.postgresql.org/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------


Rod Taylor wrote:
-- Start of PGP signed section.
> Only superuser may change ownership...
>
> On Mon, 2002-12-09 at 09:59, Tom Lane wrote:
> > Rod Taylor <rbt@rbt.ca> writes:
> > > Either a superuser or owner of the schema may change the owner of the
> > > domain.
> >
> > Superuser only, please.  Or are you not familiar with the reasons why
> > most Unixen do not allow one to "give away" ownership of a file?
> >
> >             regards, tom lane
> --
> Rod Taylor <rbt@rbt.ca>
>
> PGP Key: http://www.rbt.ca/rbtpub.asc

[ Attachment, skipping... ]
-- End of PGP section, PGP failed!

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073