Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers) - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Date
Msg-id 23665.1339535215@sss.pgh.pa.us
In response to Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)  (Stephen Frost <sfrost@snowman.net>)
Responses Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
List pgsql-hackers
Stephen Frost <sfrost@snowman.net> writes:
> What I believe Kevin is getting at here is this:

> There's no way to say "run this function as user X" except by making it
> SECURITY DEFINER and owned by the user you want the function to run as.

> If we had an independent way to have the function run as a specific
> user, where that user DIDN'T own the function, I think Kevin's use case
> would be satisfied.

Interesting thought.  I'm not exactly sure who should be allowed to
apply the "RUN AS other-user" option to a function, but I can see the
possible value of separating the right to modify the function's
definition from the user the function runs as.  Kevin, does this seem
like it would address your concern?
        regards, tom lane
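
Added example, not part of the message above or of the thread: the coupling Stephen describes, shown with existing PostgreSQL syntax, where the role a function runs as is also the role entitled to alter it. All role, table and function names are hypothetical; it assumes a superuser session in a scratch database.

```sql
-- Constructed demo; all role, table and function names are hypothetical.
CREATE ROLE app_owner  NOLOGIN;   -- identity the function should run as
CREATE ROLE app_caller NOLOGIN;   -- unprivileged caller

CREATE TABLE public.audit_log (note text);
ALTER TABLE public.audit_log OWNER TO app_owner;

CREATE FUNCTION public.log_note(p_note text) RETURNS text
LANGUAGE sql STRICT SECURITY DEFINER
SET search_path = pg_catalog, pg_temp   -- pinned, as advised for SECURITY DEFINER
AS $$
    INSERT INTO public.audit_log (note) VALUES (p_note)
    RETURNING current_user::text;       -- the role the body executes as
$$;

-- The only way to choose the "run as" role today: make that role the owner.
ALTER FUNCTION public.log_note(text) OWNER TO app_owner;
REVOKE ALL ON FUNCTION public.log_note(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION public.log_note(text) TO app_caller;

-- The caller holds no privilege on the table, only EXECUTE on the function.
SELECT has_table_privilege('app_caller', 'public.audit_log', 'INSERT');

-- Inside a SECURITY DEFINER body, current_user is the function's owner.
SET ROLE app_caller;
SELECT public.log_note('written through the function');
RESET ROLE;

-- The coupling: because app_owner owns the function, app_owner may also
-- change its definition-level properties, including null-input handling.
SET ROLE app_owner;
ALTER FUNCTION public.log_note(text) CALLED ON NULL INPUT;
RESET ROLE;

-- Review point: which SECURITY DEFINER functions exist, and who owns them.
SELECT p.oid::regprocedure AS func, r.rolname AS owner
FROM pg_proc p JOIN pg_roles r ON r.oid = p.proowner
WHERE p.prosecdef;

-- Cleanup
DROP FUNCTION public.log_note(text);
DROP TABLE public.audit_log;
DROP ROLE app_caller;
DROP ROLE app_owner;
```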

