git.postgresql.org Git - postgresql.git/commit
2006年1月13日 18:06:45 +0000 (18:06 +0000)
2006年1月13日 18:06:45 +0000 (18:06 +0000)
commit 1564e92cea27a22ace7da635fe73fc23f96f8d4e
Require the issuer of CREATE TYPE to own the functions mentioned in the
type definition. Because use of a type's I/O conversion functions isn't
access-checked, CREATE TYPE amounts to granting public execute permissions
on the functions, and so allowing it to anybody means that someone could
theoretically gain access to a function he's not supposed to be able to
execute. The parameter-type restrictions already enforced by CREATE TYPE
make it fairly unlikely that this oversight is meaningful in practice,
but still it seems like a good idea to plug the hole going forward.
Also, document the implicit grant just in case anybody gets the idea of
building I/O functions that might need security restrictions.
This is the main PostgreSQL git repository.
RSS
Atom