Hi, Martijn,
Martijn van Oosterhout wrote:
Someone writing SECURITY DEFINER in their function definition has to be
understood to know what they're doing. After all, chmod +s doesn't
reset global execute permissions either, because that would be far too
confusing. The same applies here IMHO.
On Wed, Sep 20, 2006 at 11:59:52AM +0200, Markus Schaber wrote:
But I have the possibility to chmod a-x before chmod +s the file.
Maybe we should add [NOT] PUBLICLY EXECUTABLE[1] keywords to CREATE
FUNCTION, with the default being the current behaviour for now (possibly
configurable). Add an
Thanks for answering; I appreciate it, as well as the efforts of all the
people who contributed to this database that I now use in my projects.
However, I feel that making a decision based on the number of prior and
possible future complaints is a poor excuse to not do the right thing. A
low
Pascal Meunier wrote:
Thanks for answering; I appreciate it, as well as the efforts of all the
people who contributed to this database that I now use in my projects.
However, I feel that making a decision based on the number of prior and
possible future complaints is a poor excuse to not do
Pascal Meunier [EMAIL PROTECTED] writes:
I asked MITRE to provide a CCE number for this issue (the CCE is a new
effort like the CVE, but for configuration issues instead of
vulnerabilities). I'll let you know if it happens.
Trying to force us to change things by getting Mitre involved is a
On 9/18/06 2:00 PM, Tom Lane [EMAIL PROTECTED] wrote:
Pascal Meunier [EMAIL PROTECTED] writes:
I asked MITRE to provide a CCE number for this issue (the CCE is a new
effort like the CVE, but for configuration issues instead of
vulnerabilities). I'll let you know if it happens.
Trying
On Mon, Sep 18, 2006 at 02:49:23PM -0400, Pascal Meunier wrote:
regardless of the outcome. Moreover, I'd rather be a carpet to the
PostgreSQL developers than be cited as the cause for a security improvement
not being made, due to having antagonized the developers so much. Please,
consider
On Mon, Sep 18, 2006 at 01:59:00PM -0400, Andrew Dunstan wrote:
Pascal Meunier wrote:
Thanks for answering; I appreciate it, as well as the efforts of all the
people who contributed to this database that I now use in my projects.
However, I feel that making a decision based on the number
Jim C. Nasby wrote:
On Mon, Sep 18, 2006 at 01:59:00PM -0400, Andrew Dunstan wrote:
Pascal Meunier wrote:
Thanks for answering; I appreciate it, as well as the efforts of all the
people who contributed to this database that I now use in my projects.
However, I feel that making a
Jim C. Nasby wrote:
This pg_dump issue keeps biting us in the rear... I think at the very
least we should have a means for a dump file to tell the backend that
it's about to process a dump file generated by version XYZ. That at
least gives us the ability to handle prior version
On Thu, Sep 14, 2006 at 10:24:43AM -0400, Pascal Meunier wrote:
First, I asked about this on #postgresql, and I realize that this request
would be a low priority item. Yet, it would be an improvement for security
reasons.
When creating a function using EXTERNAL SECURITY DEFINER, by default
Jim C. Nasby [EMAIL PROTECTED] writes:
On Thu, Sep 14, 2006 at 10:24:43AM -0400, Pascal Meunier wrote:
My request is to allow changing default permissions for function creation, a
la umask, or at least not give PUBLIC execute permissions by default.
Hrm... do we have any other objects that
12 matches