Обсуждение: pgsql: Require the issuer of CREATE TYPE to own the functions mentioned
pgsql: Require the issuer of CREATE TYPE to own the functions mentioned
От
tgl@postgresql.org (Tom Lane)
Дата:
Log Message: ----------- Require the issuer of CREATE TYPE to own the functions mentioned in the type definition. Because use of a type's I/O conversion functions isn't access-checked, CREATE TYPE amounts to granting public execute permissions on the functions, and so allowing it to anybody means that someone could theoretically gain access to a function he's not supposed to be able to execute. The parameter-type restrictions already enforced by CREATE TYPE make it fairly unlikely that this oversight is meaningful in practice, but still it seems like a good idea to plug the hole going forward. Also, document the implicit grant just in case anybody gets the idea of building I/O functions that might need security restrictions. Modified Files: -------------- pgsql/doc/src/sgml/ref: create_type.sgml (r1.59 -> r1.60) (http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_type.sgml.diff?r1=1.59&r2=1.60) pgsql/src/backend/commands: typecmds.c (r1.85 -> r1.86) (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/typecmds.c.diff?r1=1.85&r2=1.86)