Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)

>
>
> I wrote:
> >     The  'grant  select'  on  views  is  a  IMHO  urgent required
> >     feature.  I'll take a look on the code  checking  permissions
> >     and the rewrite system.
>
>     Interesting - first of all an unprivileged user cannot create
>     any view "pg_rewrite: Permission denied".  I  think  this  is
>     absolutely wrong.
>
>     Anyway  - if we add a flag to the rangetable entry that tells
>     the executor in ExecCheckPerms() if this rte  came  from  the
>     rewriting  due  to  a view or not, it can skip the permission
>     check on that and the tests will pass.
>
>     But then we'll run into a little security hole  problem.   If
>     the  permissions  only  rely  on access to the view, the view
>     owner  (or  public  as  long  as  ACL_WORLD_DEFAULT  contains
>     ACL_RD)  can select throug the view. So we must check on view
>     creation that the creator of the view has proper  permissions
>     to what the view selects.  And in addition if not all objects
>     the  view  selects  are  granted   to   public,   we   should
>     automagically revoke public from the view so the creator must
>     explicitly grant access to the view.
>
>     Anything forgotten?

No, I think these are the valid issues.

--
Bruce Momjian
maillist@candle.pha.pa.us