Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism?
| От | David G. Johnston |
|---|---|
| Тема | Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism? |
| Дата | |
| Msg-id | CAKFQuwbTnbvbbzc4XNnJn7a+cpzDJMjia0J-k6dk3C4xwk2ncQ@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism? (Nico Williams <nico@cryptonector.com>) |
| Ответы |
Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism?
|
| Список | pgsql-hackers |
On Wed, Oct 18, 2017 at 01:43:30PM -0700, David G. Johnston wrote:
More useful than this, for me, would be a way to get the top-most user.
That would be "session_user"?
> Introducing the concept of a stack at the SQL level here seems, at
> first glance, to be over-complicating things.
Because of the current implementation of invocation of SECURITY DEFINER
functions, a stack is trivial to build, since it's a list of nodes
allocated on the C stack in fmgr_security_definer().
Not saying its difficult (or not) to code in C; but exposing that to SQL seems like a big step.
If I was in position to dive deeper I wouldn't foreclose on the stack idea but I'd be inclined to see if something else could be made to work with reasonable effort.
David J.
В списке pgsql-hackers по дате отправления: