Re: [HACKERS] [PATCH] Re: Setuid functions

Поиск
Список
Период
Сортировка
От Mark Volpe
Тема Re: [HACKERS] [PATCH] Re: Setuid functions
Дата
Msg-id 3B4EF66D.476A256D@epa.gov
обсуждение исходный текст
Ответ на Re: [HACKERS] [PATCH] Re: Setuid functions  (Bruce Momjian <pgman@candle.pha.pa.us>)
Список pgsql-patches
Дерево обсуждения 
Might as well just get rid of that one; Peter's right about the security hole.

The simplest fix I see is to allow SET AUTHORIZATION only in superuser-owned
functions. It would still be potentially useful that way. Doing this the
"right" way (with users needing regrantable privileges, etc.) would involve
too much effort for too little reward, IMHO.

(Repost - I don't think this made it to the list)

Mark

Bruce Momjian wrote:
>
> I am backing out this SET AUTHORIZATION patch until we can resolve the
> security issues.  It will remain in the patch queue at:
>
>         http://candle.pha.pa.us/cgi-bin/pgpatches
>

В списке pgsql-patches по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: [JDBC] Patch for handling long null terminated strings in JDBC driver
Следующее
От: Anders Bengtsson
Дата:
Сообщение: Re: [JDBC] [PATCH] Cleanup of JDBC character encoding