| From: | Andres Freund <andres(at)anarazel(dot)de> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Privilege checks on array coercions |
| Date: | 2017-03-23 19:37:18 |
| Message-ID: | 20170323193718.soqn7qyimwohk3i4@alap3.anarazel.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 2017-03-23 15:26:51 -0400, Tom Lane wrote:
> There is a test in privileges.sql (currently lines 589-625 in
> privileges.out) that seems to be dependent on the fact that the
> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
> per-element type coercion function if it's dealing with a NULL input
> array.
>
> While fooling with Andres' faster-expressions patch, I moved the
> pg_proc_aclcheck call for this into expression compilation, causing
> that privileges.sql test to fail.
>
> Since Andres' patch moves ACL checks for regular function calls into
> expression compilation, I think it would be weird and inconsistent not
> to do so for ArrayCoerceExpr as well. Does anyone want to defend this
> privileges test case as testing for some behavior that users expect?
Not me - that seems quite sensible to change.
Andres
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mithun Cy | 2017-03-23 19:52:34 | Re: [POC] A better way to expand hash indexes. |
| Previous Message | Peter Eisentraut | 2017-03-23 19:34:48 | Re: ICU integration |