On Apr 8, 2011, at 6:17 PM, Alvaro Herrera wrote:
>> In other words, if you wrap an unprivileged operation inside of
>> privileged operations, it seems like the unprivileged operation then
>> becomes privileged. Right?
>
> Well, it's in the hands of the creator of the overall wrapper function to
Excerpts from Robert Haas's message of dom abr 10 13:37:46 -0300 2011:
> It's maybe worth noting here that what's being asked for is roughly
> what you get from UNIX's distinction between euid and ruid. Many
> programs that run setuid root perform a few operations that require
> root privileges u
On Wed, Apr 6, 2011 at 6:39 PM, Jeff Davis wrote:
> On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote:
>> (Consider, for example, that you may want to enable a user to run some
>> operation to which he is authorized, but you want to carry out some
>> privileged operation before/after doing s
On Apr 8, 2011, at 7:20 PM, Alvaro Herrera wrote:
> Excerpts from A.M.'s message of mié abr 06 19:08:35 -0300 2011:
>
>> That's really strange considering that the new role may not normally
>> have permission to switch to the original role. How would you handle
>> the case where the security def
Excerpts from A.M.'s message of mié abr 06 19:08:35 -0300 2011:
> That's really strange considering that the new role may not normally
> have permission to switch to the original role. How would you handle
> the case where the security definer role is not the super user?
As I said to Jeff, it's u
Excerpts from Jeff Davis's message of mié abr 06 19:39:27 -0300 2011:
> On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote:
> > (Consider, for example, that you may want to enable a user to run some
> > operation to which he is authorized, but you want to carry out some
> > privileged operatio
On Wed, 2011-04-06 at 18:33 -0300, Alvaro Herrera wrote:
> (Consider, for example, that you may want to enable a user to run some
> operation to which he is authorized, but you want to carry out some
> privileged operation before/after doing so: for example, disable
> triggers, run an update, re-en
On Apr 6, 2011, at 5:33 PM, Alvaro Herrera wrote:
> Hi,
>
> A customer of ours has for a long time the desire to be able to return
> to the previous privilege level (i.e. the caller privs) inside a
> SECURITY DEFINER function. I find that this notion is not at all
> covered in the SQL standard,
Hi,
A customer of ours has for a long time the desire to be able to return
to the previous privilege level (i.e. the caller privs) inside a
SECURITY DEFINER function. I find that this notion is not at all
covered in the SQL standard, yet the use case is certainly valid from a
security-conscious po