Re: Tablespace patch review

From: Andreas Pflug <pgadmin(at)pse-consulting(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>,Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Tablespace patch review
Date: 2004-06-19 09:17:54
Message-ID: 40D404C2.7010207@pse-consulting.de
Lists: pgsql-hackers, pgsql-patches

Tom Lane wrote:

>Andreas Pflug <pgadmin(at)pse-consulting(dot)de> writes:
>>Tom Lane wrote:
>>>As for the authentication-is-expensive issue, what of it?  You *should*
>>>have to authenticate yourself in order to look inside another person's
>>>database.  The sort of cross-database inspection being proposed here
>>>would be a big security hole in many people's view.
>>
>>Accessing pg_class et al using the current sysuseid with acl checking
>>should be ok and satisfy security demands, no?
>
>No.  If the other user has you locked out from connecting to his
>database at all, he's probably not going to feel that he should have to
>disable your access to individual objects inside it.

Well, he's using my tablespace, so I'd like to know at least the object name.

>This has some connections to the discussions we periodically have about
>preventing Joe User from looking at the system catalogs.  If we make any
>changes in this area at all, I would expect them to be in the direction
>of narrowing access, not widening it to include being able to see
>other databases' catalogs.

Superuser/tablespace owner isn't quite Joe User, I believe.

Actually, there seem to be quite a few other cross-database/shared-table issues
(schema default tablespace, dropping a user who owns objects) which make
it desirable to have superuser read-only access to pg_catalog tables.
Maybe a todo for 7.6...

Regards,
Andreas


