Re: [HACKERS] permission issue
From | Bruce Momjian |
---|---|
Subject | Re: [HACKERS] permission issue |
Date | |
Msg-id | 199802271506.KAA06363@candle.pha.pa.us |
In reply to | permission issue ("Vadim B. Mikheev" <vadim@sable.krasnoyarsk.su>) |
List | pgsql-hackers |
>
> Tables INS (x int) and SEL (y int) are owned by dbadm, for another
> user SELECT granted on SEL, INSERT - on INS.
>
> Should another user be able to do
>
> insert into ins select y from sel where x = y;

My guess is that the other user doesn't have SELECT permissions on
INS.y, so this should fail, no?

>
> or not ?
> Currently, PG allows this. Backend tries to check
> (in execMain.c:ExecCheckPerms()) is READ access to
> table being changed granted to user or not, but this check
> seems to be quite stupid:
>
>     qvars = pull_varnos(parseTree->qual);
>     tvars = pull_varnos((Node *) parseTree->targetList);
>     if (intMember(resultRelation, qvars) ||
>         intMember(resultRelation, tvars))
>
> : pull_varnos is very simple and just skips expressions in
> qual & target list.
>
> We have to either get rid of this check or change it.
>
> What do you think ?
> How "big boys" handle this ?
>
> Vadim
>
>

--
Bruce Momjian | 830 Blythe Avenue
maillist@candle.pha.pa.us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)
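A simplified model of the check quoted in the message above, added here as an illustration and not PostgreSQL's code. The `Node` struct, `shallow_refs`, `deep_refs` and `needs_read_check` are hypothetical names, the target list is reduced to a single expression, and the shallow collector assumes the "skips expressions" behaviour the quoted message describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for parse-tree nodes (hypothetical, not PostgreSQL's structs). */
typedef enum { T_VAR, T_OPEXPR } NodeTag;
typedef struct Node {
    NodeTag tag;
    int varno;                 /* T_VAR: range-table index of the relation read */
    struct Node *left, *right; /* T_OPEXPR: operands */
} Node;

/* Assumed model of the weak collector: sees a relation only when the clause
 * is a bare Var, and never looks inside an operator expression. */
static bool shallow_refs(const Node *n, int rel)
{
    return n != NULL && n->tag == T_VAR && n->varno == rel;
}

/* Collector that descends into operands, so Vars inside expressions count. */
static bool deep_refs(const Node *n, int rel)
{
    if (n == NULL) return false;
    if (n->tag == T_VAR) return n->varno == rel;
    return deep_refs(n->left, rel) || deep_refs(n->right, rel);
}

/* Same shape as the quoted test: READ on the result relation has to be
 * checked when the qual or the target list reads from it. */
static bool needs_read_check(bool (*refs)(const Node *, int),
                             const Node *qual, const Node *tlist, int result_rel)
{
    return refs(qual, result_rel) || refs(tlist, result_rel);
}

/* Constructed tree for: insert into ins select y from sel where x = y; */
enum { INS = 1, SEL = 2 };
static Node var_x = { T_VAR, INS, NULL, NULL };
static Node var_y = { T_VAR, SEL, NULL, NULL };
static Node qual_x_eq_y = { T_OPEXPR, 0, &var_x, &var_y };

int main(void)
{
    printf("shallow walk asks for READ on ins: %d\n",
           needs_read_check(shallow_refs, &qual_x_eq_y, &var_y, INS));
    printf("deep walk asks for READ on ins:    %d\n",
           needs_read_check(deep_refs, &qual_x_eq_y, &var_y, INS));
    return 0;
}
```

With the shallow walk the reference to `x` inside `x = y` is never seen, so READ on the table being changed is not checked; the recursive walk finds it.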