On Wed, Sep 20, 2006 at 11:59:52AM +0200, Markus Schaber wrote:
> But I have the possibility to "chmod a-x" before "chmod +s" the file.
>
> Maybe we should add "[NOT] PUBLICLY EXCUTABLE"[1] keywords to CREATE
> FUNCTION, with the default being the current behaviour for now (possibly
> configurable). Add an appropriate note in the docs for CREATE FUNCTION,
> so users are informed about the security implications.
If you're that paranoid, start a transaction, create the function,
revoke the permissions and then commit. Then no-one else will see the
function before you've set the permissions the way you want.
I agree that maybe being able to specify it during function creation
would be nice, but it's not like it's impossible now.
Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.