Re: BUG #1150: grant options not properly checked
| From | Fabien COELHO |
|---|---|
| Subject | Re: BUG #1150: grant options not properly checked |
| Date | |
| Msg-id | Pine.LNX.4.58.0405111606380.21629@sablons.cri.ensmp.fr |
| In response to | Re: BUG #1150: grant options not properly checked (Tom Lane <tgl@sss.pgh.pa.us>) |
| List | pgsql-bugs |

Dear Tom,

> > It seems that GRANT ALL ON SCHEMA does not properly
> > check for grantor rights.
>
> What's happening is that pg_namespace_aclcheck() allows the operation
> if you have GRANT OPTION for *any* of the rights to be granted. The
> same problem exists for all object types.

I did not have time to go to the source code, but I thought it was likely
to be a generic bug.

> I am not sure whether we should refuse the operation or just narrow
> the set of privileges to those that are grantable per GRANT OPTION.
> Peter, any thoughts?

I'm not Peter, but I have an answer anyway: the standard says it should be
narrowed.

ISO/IEC 9075-2:2003 (E)
12.3 <privileges>
...
Syntax Rules

1) ALL PRIVILEGES is equivalent to the specification of all of the
   privileges on <object name> for which the <grantor> has grantable
   privilege descriptors.

--
Fabien Coelho - coelho@cri.ensmp.fr
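
The check described in this thread and the two alternatives it weighs (refuse, or narrow as the quoted syntax rule says), side by side as an added example; this is not code from the e-mail or from the PostgreSQL source. The type, macro and function names and the bit layout are hypothetical, and the model assumes that once the "any" check passes, the full requested set is granted.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical privilege bits for illustration; not PostgreSQL's AclMode layout. */
typedef uint32_t privs_t;
#define PRIV_USAGE      (1u << 0)
#define PRIV_CREATE     (1u << 1)
#define PRIV_ALL_SCHEMA (PRIV_USAGE | PRIV_CREATE)

/* Each function returns the set actually granted, or 0 if the GRANT is refused.
 * "grantable" = privileges the grantor holds WITH GRANT OPTION. */

/* Behaviour reported in the thread: passes if ANY requested bit is grantable.
 * Assumption: the full requested set is then granted. */
static privs_t grant_any_check(privs_t grantable, privs_t requested)
{
    return (grantable & requested) ? requested : 0;
}

/* Alternative 1: refuse unless EVERY requested bit is grantable. */
static privs_t grant_refuse(privs_t grantable, privs_t requested)
{
    return (requested & ~grantable) ? 0 : requested;
}

/* Alternative 2: narrow to the grantable subset (the quoted rule for ALL PRIVILEGES). */
static privs_t grant_narrow(privs_t grantable, privs_t requested)
{
    return requested & grantable;
}

int main(void)
{
    /* Constructed scenario: grantor has USAGE with grant option, CREATE without it. */
    privs_t grantable = PRIV_USAGE;
    privs_t requested = PRIV_ALL_SCHEMA;   /* GRANT ALL ON SCHEMA ... */

    printf("any-check: %#x\n", (unsigned) grant_any_check(grantable, requested));
    printf("refuse:    %#x\n", (unsigned) grant_refuse(grantable, requested));
    printf("narrow:    %#x\n", (unsigned) grant_narrow(grantable, requested));
    return 0;
}
```

In the constructed scenario only the "any" check hands out CREATE, a privilege the grantor was never allowed to pass on.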