Skip site navigation (1) Skip section navigation (2)

Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

From: "Joe Conway" <joe(at)conway-family(dot)com>
To: "Peter Eisentraut" <peter_e(at)gmx(dot)net>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
Date: 2001-06-01 22:33:30
Message-ID: 00a101c0eaea$e2a67320$dad410ac@jecw2k1 (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
> The standard approach for C-coded functions is to mark them
> 'proisstrict' in pg_proc, and then not waste any code checking for NULL;
> the function manager takes care of it for you.  The only reason not to
> do it that way is if you actually want to return non-NULL for (some
> cases with) NULL inputs.  Offhand this looks like a strict function to
> me...
>

Thanks for the feedback! To summarize the recommended changes:

- put function into backend/utils/adt/acl.c.
- remove PG_FUNCTION_INFO_V1
- mark 'proisstrict' in pg_proc
- rename to has_table_privilege()
- overload the function name for 6 versions (OIDs 1920 - 1925):
    -> has_table_privilege(text username, text relname, text priv)
    -> has_table_privilege(oid usesysid, text relname, text priv)
    -> has_table_privilege(oid usesysid, oid reloid, text priv)
    -> has_table_privilege(text username, oid reloid, text priv)
    -> has_table_privilege(text relname, text priv)    /* assumes
current_user */
    -> has_table_privilege(oid reloid, text priv)    /* assumes current_user
*/

New patch forthcoming . . .

-- Joe


In response to

Responses

pgsql-hackers by date

Next:From: Jan WieckDate: 2001-06-01 23:17:37
Subject: Sorry
Previous:From: Ryan MahoneyDate: 2001-06-01 21:08:07
Subject: Re: Re: Interesting Atricle

pgsql-patches by date

Next:From: Bruce MomjianDate: 2001-06-01 22:35:16
Subject: Re: show all;
Previous:From: Marko KreenDate: 2001-06-01 22:17:02
Subject: Re: show all;

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group