From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Greg Smith <greg(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Largeobject Access Controls (r2460)
Date: 2009-12-11 05:24:19
Message-ID: 4B21D783.4040308@ak.jp.nec.com
Lists: pgsql-hackers

Takahiro Itagaki wrote:
> KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:
>
>> Tom Lane wrote:
>>> Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> writes:
>>>> <structname>pg_largeobject</structname> should not be readable by the
>>>> public, since the catalog contains data in large objects of all users.
>>> This is going to be a problem, because it will break applications that
>>> expect to be able to read pg_largeobject. Like, say, pg_dump.
>> Is it the right behavior, even if we have permission checks on large objects?
>
> Can we use column-level access control here?
>
> REVOKE ALL ON pg_largeobject FROM PUBLIC;
> => GRANT SELECT (loid) ON pg_largeobject TO PUBLIC;

Indeed, it seems reasonable to me.

> We use "SELECT loid FROM pg_largeobject LIMIT 1" in pg_dump. We could
> replace pg_largeobject_metadata instead if we try to fix only pg_dump,
> but it's no wonder that any other user applications use such queries.
> I think to allow reading loid is a balanced solution.

Right, I am also reminded that this query has to be fixed up for another reason right now.
If all the large objects are empty, this query can return nothing, even if
large object entries are in pg_largeobject_metadata.

Please wait for a while.

>> If so, we can inject a hardwired rule to prevent selecting from pg_largeobject
>> when lo_compat_privileges is turned off, instead of REVOKE ALL FROM PUBLIC.
>
> Is it enough to run "GRANT SELECT ON pg_largeobject TO PUBLIC" ?

Agreed.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
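
The column-level grant and the empty-large-object case discussed in this message, as an added SQL illustration that is not part of the original mail or of the PostgreSQL patch. It assumes a superuser session in a scratch database on PostgreSQL 9.4 or later (for lo_from_bytea); the role name demo_reader and the sample bytes are constructed.

```sql
-- Added illustration. Everything runs in one transaction and is rolled back.
BEGIN;

-- Hypothetical unprivileged role standing in for "any other user".
CREATE ROLE demo_reader NOLOGIN;

-- The grant proposed in the thread: hide large object contents (the data
-- column) but keep the object identifiers (loid) visible to everyone.
REVOKE ALL ON pg_largeobject FROM PUBLIC;
GRANT SELECT (loid) ON pg_largeobject TO PUBLIC;

-- Two constructed large objects: one empty, one holding a few sample bytes.
SELECT lo_create(0)                        AS empty_lo;
SELECT lo_from_bytea(0, '\x736563726574')  AS filled_lo;

SET LOCAL ROLE demo_reader;

-- What the unprivileged role holds: table-level SELECT, and SELECT on each
-- of the two columns the thread distinguishes.
SELECT has_table_privilege('pg_largeobject', 'SELECT')          AS whole_table,
       has_column_privilege('pg_largeobject', 'loid', 'SELECT') AS loid_column,
       has_column_privilege('pg_largeobject', 'data', 'SELECT') AS data_column;

-- The probe quoted from pg_dump. It only touches loid, so the column-level
-- grant is enough for it. It reads data pages, and an empty large object
-- has no data pages, so empty objects never appear here.
SELECT loid FROM pg_largeobject LIMIT 1;

-- The metadata catalog has one row per large object, empty or not, which is
-- why it is the more reliable place to ask "are there any large objects?".
SELECT oid FROM pg_largeobject_metadata ORDER BY oid;

-- Reading the contents column is outside the grant. This statement is
-- expected to be rejected, which also aborts the transaction, so it is last.
SELECT data FROM pg_largeobject LIMIT 1;

ROLLBACK;
```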