Re: patch for type privileges

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Yeb Havinga <yebhavinga(at)gmail(dot)com>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: patch for type privileges
Date: 2011-12-07 18:59:09
Message-ID: 1323284349.27491.0.camel@vanquo.pezone.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On fre, 2011-12-02 at 17:11 +0100, Yeb Havinga wrote:
> Using a cast, it is possible to create a table with a code path through
> OpenIntoRel:
>
> session 1:
> t=# revoke all on type int2 from public;
> session2 :
> t=> create table t2 (a int2);
> ERROR: permission denied for type smallint
> t=> create table t as (select 1::int2 as a);
> SELECT 1
> t=> \d t
> Table "public.t"
> Column | Type | Modifiers
> --------+----------+-----------
> a | smallint |
>
> t=>
>
> Something different: as non superuser I get this error when restricting
> a type I don't own:
>
> t=> revoke all on type int2 from public;
> ERROR: unrecognized objkind: 6

Two excellent finds. Here is an updated patch with fixes.

Attachment Content-Type Size
typacl-v3.patch text/x-patch 127.3 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2011-12-07 19:09:08 Re: [v9.2] Fix Leaky View Problem
Previous Message Tom Lane 2011-12-07 18:45:19 Re: [v9.2] Fix Leaky View Problem