Re: Restrict ALTER FUNCTION CALLED ON NULL INPUT (was Re: Not quite a security hole: CREATE LANGUAGE for non-superusers)
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Noah Misch <noah@leadboat.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers@postgresql.org
Date: 2012-06-12T18:50:44Z
Lists: pgsql-hackers
On Tue, Jun 12, 2012 at 11:31 AM, Noah Misch <noah@leadboat.com> wrote: >> > Here's a patch implementing that restriction. To clarify, I see no need to >> > repeat *all* the CREATE-time checks; for example, there's no need to recheck >> > permission to use the return type. The language usage check is enough. >> >> This seems bizarre and largely unnecessary. As you stated to begin >> with, granting ownership of a function implies some degree of trust. > > Yes, but I would never expect that level of trust to include access to crash > the server as a consequence of the function's reliance on STRICT. +1. Crashes are bad. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company