Обсуждение: GRANT ON C

Поиск
Список
Период
Сортировка

GRANT ON C

От
Martin Marques
Дата:
I'm trying to load the pgcypto.sql file from the contrib in a database and
I've hit a problem which I never had in the past (maybe never did it this
way): when I try to load this file (psql -f) with a specific user, which is
not the postgres super-user I get a permission denied, and couldn't find how
to change that permission problem.
I the postgres super-user the only one that can create functions with LANGUAGE
C?

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-----------------------------------------------------------------
Martín Marqués                  |        mmarques@unl.edu.ar
Programador, Administrador, DBA |       Centro de Telemática
                       Universidad Nacional
                            del Litoral
-----------------------------------------------------------------

Re: GRANT ON C

От
Doug McNaught
Дата:
Martin Marques <martin@bugs.unl.edu.ar> writes:

> Is the postgres super-user the only one that can create functions
> with LANGUAGE C?

Yes, because a C function can basically do anything it wants to with
the privileges of the 'postgres' user.

So you have to create the function as superuser, but you only have to
do that once for each database...

-Doug

Re: GRANT ON C

От
Martin Marques
Дата:
El Dom 07 Dic 2003 17:10, Doug McNaught escribió:
> Martin Marques <martin@bugs.unl.edu.ar> writes:
>
> > Is the postgres super-user the only one that can create functions
> > with LANGUAGE C?
>
> Yes, because a C function can basically do anything it wants to with
> the privileges of the 'postgres' user.
>
> So you have to create the function as superuser, but you only have to
> do that once for each database...

OK.
It's how I thought it was, but need confirmation. ;-)

--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-----------------------------------------------------------------
Martín Marqués                  |        mmarques@unl.edu.ar
Programador, Administrador, DBA |       Centro de Telemática
                       Universidad Nacional
                            del Litoral
-----------------------------------------------------------------

Re: GRANT ON C

От
Oliver Elphick
Дата:
On Sun, 2003-12-07 at 20:00, Martin Marques wrote:
> I'm trying to load the pgcypto.sql file from the contrib in a database and
> I've hit a problem which I never had in the past (maybe never did it this
> way): when I try to load this file (psql -f) with a specific user, which is
> not the postgres super-user I get a permission denied, and couldn't find how
> to change that permission problem.
> I the postgres super-user the only one that can create functions with LANGUAGE
> C?

Yes.  Just think of all the things you can do in C with the backend's
permissions.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight, UK                             http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
                 ========================================
     "And if thy hand offend thee, cut it off; it is better
      for thee to enter into life maimed, than having two
      hands to go into hell, into the fire that never shall
      be quenched."                Mark 9:43

Re: GRANT ON C

От
Tom Lane
Дата:
Martin Marques <martin@bugs.unl.edu.ar> writes:
> Is the postgres super-user the only one that can create functions with
> LANGUAGE C?

Yes.  Since there's no way to constrain what a C function does, it would
be silly to imagine that a non-superuser wouldn't own the database if he
could create C functions.

            regards, tom lane