| From: | "Joe Conway" <joe(at)conway-family(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, <pgsql-patches(at)postgresql(dot)org> |
| Cc: | "Peter Eisentraut" <peter_e(at)gmx(dot)net> |
| Subject: | Re: [HACKERS] Re: Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Date: | 2001-06-10 02:26:52 |
| Message-ID: | 021e01c0f154$d0b67820$0205a8c0@jecw2k1 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
> I have just thought of a possible compromise. Peter is right that we
> don't want case conversion on table names that are extracted from
> catalogs. But I think we do want it on table names expressed as string
> literals. Could we make the assumption that table names in catalogs
> will be of type 'name'? If so, it'd work to make two versions of the
> has_table_privilege function, one taking type "name" and the other
> taking type "text". The "name" version would take its input as-is,
> the "text" version would do case folding and truncation. This would
> work transparently for queries selecting relation names from the system
> catalogs, and it'd also work transparently for queries using unmarked
> string literals (which will be preferentially resolved as type "text").
> Worst case if the system makes the wrong choice is you throw in an
> explicit coercion to name or text. Comments?
OK -- here's take #5.
It "make"s and "make check"s clean against current cvs tip.
There are now both Text and Name variants, and the regression test support
is rolled into the patch. Note that to be complete wrt Name based variants,
there are now 12 user visible versions of has_table_privilege:
has_table_privilege(Text usename, Text relname, Text priv_type)
has_table_privilege(Text usename, Name relname, Text priv_type)
has_table_privilege(Name usename, Text relname, Text priv_type)
has_table_privilege(Name usename, Name relname, Text priv_type)
has_table_privilege(Text relname, Text priv_type) /* assumes current_user */
has_table_privilege(Name relname, Text priv_type) /* assumes current_user */
has_table_privilege(Text usename, Oid reloid, Text priv_type)
has_table_privilege(Name usename, Oid reloid, Text priv_type)
has_table_privilege(Oid reloid, Text priv_type) /* assumes current_user */
has_table_privilege(Oid usesysid, Text relname, Text priv_type)
has_table_privilege(Oid usesysid, Name relname, Text priv_type)
has_table_privilege(Oid usesysid, Oid reloid, Text priv_type)
For the Text based inputs, a new internal function, get_Name is used
(shamelessly copied from get_seq_name in sequence.c) to downcase if not
quoted, or remove quotes if quoted, and truncate. I also added a few test
cases for the downcasing, quote removal, and Name based variants to the
regression test.
Only thing left (I hope!) is documentation. I'm sure I either have or can
get the DocBook tools, but I've never used them. Would it be simpler to
clone and hand edit one of the existing docs? Any suggestions to get me
started?
Thanks,
-- Joe
| Attachment | Content-Type | Size |
|---|---|---|
| has_priv_r5.diff | application/octet-stream | 43.9 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alex Pilosov | 2001-06-10 02:31:59 | cstring datatype |
| Previous Message | Bruce Momjian | 2001-06-10 02:00:11 | Re: Baby girl |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joe Conway | 2001-06-10 22:26:51 | Fw: [HACKERS] Re: Fw: Isn't pg_statistic a security hole - Solution Proposal |
| Previous Message | Bruce Momjian | 2001-06-09 22:20:32 | Re: Fw: Isn't pg_statistic a security hole - Solution Proposal |