Added to TODO:
* Prevent malicious functions from being executed with the permissions
of unsuspecting users
Index functions are safe, so VACUUM and ANALYZE are safe too.
Triggers, CHECK and DEFAULT expressions, and rules are still
vulnerable.
On 1/8/08, Tom Lane wrote:
The other issue that ought to be on the TODO radar is that we've only
plugged the hole for the very limited case of maintenance operations that
are likely to be executed by superusers. If user A modifies user B's
table (via INSERT/UPDATE/DELETE),
On Wed, 2008-01-09 at 00:22 -0500, Tom Lane wrote:
pgsql-core wasted quite a lot of time
Core's efforts are appreciated by all, so not time wasted.
--
Simon Riggs
2ndQuadrant http://www.2ndQuadrant.com
Now that the dust has settled, I want to post some notes about CVE-2007-6600,
which is to my mind the most important of the five security problems fixed
in our recent security updates. There are some unfinished issues here.
Itagaki Takahiro originally identified the issue. The crux of it is