Stephen Frost wrote:
I can perhaps see a special case for SECURITY DEFINER functions but if
we're going to special case them I'd think we'd need to make them only
be creatable/modifiable at all by superusers or add another flag to the
role to allow that.
I agree that owner changes of SECURITY DEFINER functions seem dangerous. I
would follow Stephen's idea that SECURITY DEFINER functions should only be
creatable/modifiable by superusers.
This would be similar to unix, where setting the suid/sgid bits is usually
only allowed to root.
Best Regards,
Michael Paesold
---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings
