A PostgreSQL flaw
Posted Feb 23, 2007 23:32 UTC (Fri) by intgr
In reply to: A PostgreSQL flaw
Parent article: A PostgreSQL flaw
No -- Mallory needs access to existing SECURITY DEFINER functions defined by a higher-privilege user. Mallory can only create his own functions, but that way he'll only be able to impersonate himself.
to post comments)