Skip site navigation (1) Skip section navigation (2)

Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Heikki Linnakangas" <heikki(at)enterprisedb(dot)com>
Cc: "Brendan O'Shea" <boshea(at)akamai(dot)com>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Date: 2008-08-13 13:42:02
Message-ID: 17935.1218634922@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-bugs
"Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> writes:
> Tom Lane wrote:
>> Hm, the "Assert(rte->subquery != NULL)" doesn't seem right ...
>> couldn't there be non-RTE_SUBQUERY rtes in the child?

> Oh, indeed it's not okay. The original UNION ALL view is a prime example 
> of that. I didn't notice because I was testing without assertions.

Boo ...

> Hmm, do we need the copyObject() call for non-subquery RTEs? I'm 
> guessing no, because they're not modified.

Probably not.  But it strikes me that there's another sin of omission
here: function and values RTEs need to be tweaked too, because they
contain expressions thst could have uplevel Vars in them.  I'm not
certain such RTEs could appear at top level in a UNION query, but I'm
not sure they couldn't either.

I think I'd recommend continuing to copy the RTE unconditionally,
because in the cases where it's not going to be modified, there's
not enough substructure to make this expensive.

			regards, tom lane

In response to

Responses

pgsql-bugs by date

Next:From: Heikki LinnakangasDate: 2008-08-14 11:56:57
Subject: Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Previous:From: Bhaskar SirohiDate: 2008-08-13 12:38:28
Subject: BUG #4352: Service fails to start when moved from domain to workgroup

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group