Re: security hook on table creation

From: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
To: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, PgSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: security hook on table creation
Date: 2010-09-29 13:59:03
Message-ID: 1285768665-sup-4632@alvh.no-ip.org
Lists: pgsql-hackers

Excerpts from KaiGai Kohei's message of Wed Sep 29 06:38:09 -0400 2010:

> (2010/09/28 12:57), Robert Haas wrote:
> > 2010/9/1 KaiGai Kohei<kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> >> This patch allows external security providers to check privileges
> >> to create a new relation and to inform the security labels to be
> >> assigned on the new one.
> >
> > Review:
> >
> > I took a brief look at this patch tonight and I think it's on the
> > wrong track. There's no reason for the hook function to return the
> > list of security labels and then have the core code turn around and
> > apply them to the object. If the hook function wants to label the
> > object, it can just as easily call SetSecurityLabel() itself.
> >
> However, it is not actually easy, because we cannot know the OID of
> the new table before invocation of heap_create_with_catalog().
> So, we needed to return a list of security labels to the caller of
> the hook, then the core code calls SetSecurityLabel() with the newly
> assigned OID.
>
> I don't think it is an option to move the hook after the pollution
> of system catalogs, although we can pull out any information about
> the new relation from syscache.

Why not? The relation is not yet visible to other transactions until
the creation is committed, so you can apply security labels after
populating the catalogs and there's no security leak.

--
Álvaro Herrera <alvherre(at)commandprompt(dot)com>
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
