| From: | Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>, Greg Smith <greg(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Largeobject Access Controls (r2460) |
| Date: | 2009-12-11 01:16:56 |
| Message-ID: | 20091211101656.8C66.52131E4D@oss.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:
> > we still allow "SELECT * FROM pg_largeobject" ...right?
>
> It can be solved with revoking any privileges from anybody in the initdb
> phase. So, we should inject the following statement for setup_privileges().
>
> REVOKE ALL ON pg_largeobject FROM PUBLIC;
OK, I'll add the following description in the documentation of pg_largeobject.
<structname>pg_largeobject</structname> should not be readable by the
public, since the catalog contains data in large objects of all users.
<structname>pg_largeobject_metadata</> is a publicly readable catalog
that only contains identifiers of large objects.
> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
> gettext_noop("Turn on/off privilege checks on large objects."),
The description is true, but gives a confusion because
"lo_compat_privileges = on" means "privilege checks are turned off".
short desc: Enables backward compatibility in privilege checks on large objects
long desc: When turned on, privilege checks on large objects are disabled.
Are those descriptions appropriate?
Regards,
---
Takahiro Itagaki
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Smith | 2009-12-11 01:28:57 | Re: Adding support for SE-Linux security |
| Previous Message | Greg Smith | 2009-12-11 01:13:36 | Re: thread safety on clients |