| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> |
| Cc: | "Brendan O'Shea" <boshea(at)akamai(dot)com>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants |
| Date: | 2008-08-13 13:42:02 |
| Message-ID: | 17935.1218634922@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
"Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> writes:
> Tom Lane wrote:
>> Hm, the "Assert(rte->subquery != NULL)" doesn't seem right ...
>> couldn't there be non-RTE_SUBQUERY rtes in the child?
> Oh, indeed it's not okay. The original UNION ALL view is a prime example
> of that. I didn't notice because I was testing without assertions.
Boo ...
> Hmm, do we need the copyObject() call for non-subquery RTEs? I'm
> guessing no, because they're not modified.
Probably not. But it strikes me that there's another sin of omission
here: function and values RTEs need to be tweaked too, because they
contain expressions thst could have uplevel Vars in them. I'm not
certain such RTEs could appear at top level in a UNION query, but I'm
not sure they couldn't either.
I think I'd recommend continuing to copy the RTE unconditionally,
because in the cases where it's not going to be modified, there's
not enough substructure to make this expensive.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2008-08-14 11:56:57 | Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants |
| Previous Message | Bhaskar Sirohi | 2008-08-13 12:38:28 | BUG #4352: Service fails to start when moved from domain to workgroup |