Hi, Martijn,

Martijn van Oosterhout wrote:

> Someone writing SECURITY DEFINER in their function definition has to be
> understood to know what they're doing. After all, "chmod +s" doesn't
> reset global execute permissions either, because that would be far too
> confusing. The same applies here IMHO. The whole point is to be
> executed by other users.

But I have the possibility to "chmod a-x" before "chmod +s" the file.

Maybe we should add "[NOT] PUBLICLY EXECUTABLE"[1] keywords to CREATE
FUNCTION, with the default being the current behaviour for now (possibly
configurable). Add an appropriate note in the docs for CREATE FUNCTION,
so users are informed about the security implications.


[1] alternative spelling proposals: "[NOT] PUBLIC" or "PUBLIC | PRIVATE"
Thinking about it, "CREATE [OR REPLACE] [PUBLIC|PRIVATE] FUNCTION ..."
seems the "most sexy" variant in my eyes.


HTH,
Markus

-- 
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf.     | Software Development GIS

Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org
