Ben Tilly <btilly@gmail.com> writes:
> As a security rule, you cannot create a cast without owning one of the
> types.
Check.
> The following code successfully creates it, not as postgres and not as a
> superuser.
Really? When I try that as an ordinary user, I get
ERROR: must be owner of type boolean
CONTEXT: SQL statement "ALTER TYPE bool OWNER TO current_user"
PL/pgSQL function inline_code_block line 12 at SQL statement
If there is a way where that actually does work without superuser
privileges, please send the details to security@postgresql.org.
regards, tom lane