| From: | Nico Williams <nico(at)cryptonector(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Interest in a SECURITY DEFINER function current_user stack access mechanism? |
| Date: | 2017-10-18 20:01:12 |
| Message-ID: | 20171018200110.GA4496@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
It'd be nice if SECURITY DEFINER functions could see what user invoked
them, but current_user is the DEFINER user, naturally, since that's how
this is done in fmgr_security_definer().
I was thinking that fmgr_security_definer() could keep a global pointer
to a linked list (with automatic nodes) of the save_userid values. Then
we could have a SQL function for accessing these, something like
pg_current_user(level int) returning text, where level 0 is
current_user, level 1 is "the previous current_user in the stack", and
so on, returning null when level is beyond the top-level.
This seems like a simple, small, easy patch, and since I [think I] need
it I suspect others probably do as well.
Thoughts?
Nico
--
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2017-10-18 20:15:01 | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |
| Previous Message | Justin Pryzby | 2017-10-18 19:54:54 | Re: [GENERAL] huge RAM use in multi-command ALTER of table heirarchy |