Thread

  1. Proposal : changing table ownership

    Mark Hollomon <mhh@nortelnetworks.com> — 2000-09-08T13:26:12Z

    Syntax:
    
    ALTER TABLE <table> OWNER TO <newowner>
    
    Security:
    
    The owner of a table will be able to change the owner to any other user.
    The superuser will NOT have special privileges.
    
    -- 
    
    Mark Hollomon
    mhh@nortelnetworks.com
    ESN 451-9008 (302)454-9008
    
    
  2. Re: Proposal : changing table ownership

    Tom Lane <tgl@sss.pgh.pa.us> — 2000-09-08T14:43:56Z

    "Mark Hollomon" <mhh@nortelnetworks.com> writes:
    > ALTER TABLE <table> OWNER TO <newowner>
    
    > The owner of a table will be able to change the owner to any other user.
    
    Doesn't this create risks parallel to file give-away (chown) in Unix?
    A lot of Unices disallow chown except to the superuser.
    
    Tables aren't currently active objects, but we've been talking about
    things like making trigger functions run "setuid" to the table owner.
    If that happens then table ownership giveaway is a big security hole.
    
    > The superuser will NOT have special privileges.
    
    Say *what* ?  That's just silly.
    
    			regards, tom lane
    
    
  3. Re: Proposal : changing table ownership

    Marc G. Fournier <scrappy@hub.org> — 2000-09-08T14:54:30Z

    On Fri, 8 Sep 2000, Tom Lane wrote:
    
    > "Mark Hollomon" <mhh@nortelnetworks.com> writes:
    > > ALTER TABLE <table> OWNER TO <newowner>
    > 
    > > The owner of a table will be able to change the owner to any other user.
    > 
    > Doesn't this create risks parallel to file give-away (chown) in Unix?
    > A lot of Unices disallow chown except to the superuser.
    
    Agreed ...
    
    > Tables aren't currently active objects, but we've been talking about
    > things like making trigger functions run "setuid" to the table owner.
    > If that happens then table ownership giveaway is a big security hole.
    > 
    > > The superuser will NOT have special privileges.
    > 
    > Say *what* ?  That's just silly.
    
    *Only* superuser should be able to run the above command ... 
    
    
    
  4. Re: Proposal : changing table ownership

    Mark Hollomon <mhh@nortelnetworks.com> — 2000-09-08T15:30:37Z

    The Hermit Hacker wrote:
    >
    > > "Mark Hollomon" <mhh@nortelnetworks.com> writes:
    > > > ALTER TABLE <table> OWNER TO <newowner>
    >
    > *Only* superuser should be able to run the above command ...
    
    
    Fine with me.
    
    -- 
    
    Mark Hollomon
    mhh@nortelnetworks.com
    ESN 451-9008 (302)454-9008