Skip site navigation (1) Skip section navigation (2)

permission issue

From: "Vadim B(dot) Mikheev" <vadim(at)sable(dot)krasnoyarsk(dot)su>
To: hackers(at)postgresql(dot)org
Subject: permission issue
Date: 1998-02-27 07:30:08
Message-ID: 34F66B80.F66AE20E@sable.krasnoyarsk.su (view raw or flat)
Thread:
Lists: pgsql-hackers
Tables INS (x int) and SEL (y int) are owned by dbadm, for another
user SELECT granted on SEL, INSERT - on INS.

Should another user be able to do

insert into ins select y from sel where x = y;

or not ? 
Currently, PG allows this. Backend tries to check 
(in execMain.c:ExecCheckPerms()) is READ access to
table being changed granted to user or not, but this check
seems to be quite stupid:

            qvars = pull_varnos(parseTree->qual);
            tvars = pull_varnos((Node *) parseTree->targetList);
            if (intMember(resultRelation, qvars) ||
                intMember(resultRelation, tvars))

: pull_varnos is very simple and just skips expressions in
qual & target list.

We have to either get rid of this check or change it.

What do you think ?
How "big boys" handle this ?

Vadim

Responses

pgsql-hackers by date

Next:From: Maurice GittensDate: 1998-02-27 08:57:11
Subject: Howto add a field to each postgresql tuple
Previous:From: Vadim B. MikheevDate: 1998-02-27 07:13:08
Subject: Re: [HACKERS] INT2OID, etc.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group