mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00

Require superuser privilege to create base types (but not composites, enums,
or domains).  This was already effectively required because you had to own
the I/O functions, and the I/O functions pretty much have to be written in
C since we don't let PL functions take or return cstring.  But given the
possible security consequences of a malicious type definition, it seems
prudent to enforce superuser requirement directly.  Per recent discussion.
Tom Lane
2008-07-31 16:27:16 +00:00
parent c8572986ad
commit 7bd7b2002b
2 changed files with 34 additions and 7 deletions


@ -1,5 +1,5 @@
<!--
$PostgreSQL: pgsql/doc/src/sgml/ref/create_type.sgml,v 1.76 2008/07/30 19:35:12 tgl Exp $
$PostgreSQL: pgsql/doc/src/sgml/ref/create_type.sgml,v 1.77 2008/07/31 16:27:16 tgl Exp $
PostgreSQL documentation
-->
@ -99,7 +99,13 @@ CREATE TYPE <replaceable class="parameter">name</replaceable>
<para>
The third form of <command>CREATE TYPE</command> creates a new base type
(scalar type). The parameters can appear in any order, not only that
(scalar type). To create a new base type, you must be a superuser.
(This restriction is made because an erroneous type definition could
confuse or even crash the server.)
</para>
<para>
The parameters can appear in any order, not only that
illustrated above, and most are optional. You must register
two or more functions (using <command>CREATE FUNCTION</command>) before
defining the type. The support functions
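Review bot: The rationale in the added parenthetical ("an erroneous type definition could confuse or even crash the server") covers only mistakes, while the commit message justifies the restriction by "the possible security consequences of a malicious type definition". Consider wording the parenthetical so it also states the security reason, otherwise a reader may take the superuser check for a guard against accidents only. It would also help to say here, as the commit message does, that the restriction applies to base types and not to composites, enums, or domains.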
@ -580,8 +586,8 @@ CREATE TYPE <replaceable class="parameter">name</replaceable>
<para>
Because there are no restrictions on use of a data type once it's been
created, creating a base type is tantamount to granting public execute
permission on the functions mentioned in the type definition. (The creator
of the type is therefore required to own these functions.) This is usually
permission on the functions mentioned in the type definition.
This is usually
not an issue for the sorts of functions that are useful in a type
definition. But you might want to think twice before designing a type
in a way that would require <quote>secret</> information to be used
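Review bot: With the parenthetical "(The creator of the type is therefore required to own these functions.)" removed, this paragraph still says that creating a base type is tantamount to granting public execute permission on the functions in the type definition, but it no longer says what limits who can cause that. Suggest replacing the removed sentence with a pointer to the superuser requirement added in the earlier hunk ("To create a new base type, you must be a superuser.") instead of deleting it outright, so the security note remains self-explanatory when read on its own.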