| From: | Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | jwieck(at)debis(dot)com |
| Cc: | scrappy(at)hub(dot)org, Andreas(dot)Zeugswetter(at)telecom(dot)at, pgsql-hackers(at)hub(dot)org |
| Subject: | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Date: | 1998-02-19 18:17:49 |
| Message-ID: | 199802191817.NAA10322@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>
>
> I wrote:
> > The 'grant select' on views is a IMHO urgent required
> > feature. I'll take a look on the code checking permissions
> > and the rewrite system.
>
> Interesting - first of all an unprivileged user cannot create
> any view "pg_rewrite: Permission denied". I think this is
> absolutely wrong.
>
> Anyway - if we add a flag to the rangetable entry that tells
> the executor in ExecCheckPerms() if this rte came from the
> rewriting due to a view or not, it can skip the permission
> check on that and the tests will pass.
>
> But then we'll run into a little security hole problem. If
> the permissions only rely on access to the view, the view
> owner (or public as long as ACL_WORLD_DEFAULT contains
> ACL_RD) can select throug the view. So we must check on view
> creation that the creator of the view has proper permissions
> to what the view selects. And in addition if not all objects
> the view selects are granted to public, we should
> automagically revoke public from the view so the creator must
> explicitly grant access to the view.
>
> Anything forgotten?
No, I think these are the valid issues.
--
Bruce Momjian
maillist(at)candle(dot)pha(dot)pa(dot)us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 1998-02-19 18:20:06 | Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c) |
| Previous Message | Bruce Momjian | 1998-02-19 18:16:23 | Re: [HACKERS] Solution to the pg_user passwd problem !?? (c) |