Thread
-
Proposal : changing table ownership
Mark Hollomon <mhh@nortelnetworks.com> — 2000-09-08T13:26:12Z
Syntax: ALTER TABLE <table> OWNER TO <newowner> Security: The owner of a table will be able to change the owner to any other user. The superuser will NOT have special privileges. -- Mark Hollomon mhh@nortelnetworks.com ESN 451-9008 (302)454-9008
-
Re: Proposal : changing table ownership
Tom Lane <tgl@sss.pgh.pa.us> — 2000-09-08T14:43:56Z
"Mark Hollomon" <mhh@nortelnetworks.com> writes: > ALTER TABLE <table> OWNER TO <newowner> > The owner of a table will be able to change the owner to any other user. Doesn't this create risks parallel to file give-away (chown) in Unix? A lot of Unices disallow chown except to the superuser. Tables aren't currently active objects, but we've been talking about things like making trigger functions run "setuid" to the table owner. If that happens then table ownership giveaway is a big security hole. > The superuser will NOT have special privileges. Say *what* ? That's just silly. regards, tom lane
-
Re: Proposal : changing table ownership
Marc G. Fournier <scrappy@hub.org> — 2000-09-08T14:54:30Z
On Fri, 8 Sep 2000, Tom Lane wrote: > "Mark Hollomon" <mhh@nortelnetworks.com> writes: > > ALTER TABLE <table> OWNER TO <newowner> > > > The owner of a table will be able to change the owner to any other user. > > Doesn't this create risks parallel to file give-away (chown) in Unix? > A lot of Unices disallow chown except to the superuser. Agreed ... > Tables aren't currently active objects, but we've been talking about > things like making trigger functions run "setuid" to the table owner. > If that happens then table ownership giveaway is a big security hole. > > > The superuser will NOT have special privileges. > > Say *what* ? That's just silly. *Only* superuser should be able to run the above command ...
-
Re: Proposal : changing table ownership
Mark Hollomon <mhh@nortelnetworks.com> — 2000-09-08T15:30:37Z
The Hermit Hacker wrote: > > > "Mark Hollomon" <mhh@nortelnetworks.com> writes: > > > ALTER TABLE <table> OWNER TO <newowner> > > *Only* superuser should be able to run the above command ... Fine with me. -- Mark Hollomon mhh@nortelnetworks.com ESN 451-9008 (302)454-9008