| From: | Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | ishii(at)sraoss(dot)co(dot)jp |
| Cc: | hoshiai(at)sraoss(dot)co(dot)jp, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proposal to suppress errors thrown by to_reg*() |
| Date: | 2019-03-20 00:03:45 |
| Message-ID: | 20190320.090345.44491720.horiguchi.kyotaro@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At Tue, 19 Mar 2019 19:09:59 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp> wrote in <20190319(dot)190959(dot)25783254(dot)horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>
> That works in a transaction. It looks right that the actually
> revoked schema cannot be accessed.
From another viewpoint, the behavior really doesn't protect nothing. The unprivileged user still can do that as the follows.
=> select to_regclass('s1.t1')::oid;
ERROR: permission denied for schema s1
=> select c.oid from pg_class c join pg_namespace n on c.relnamespace = n.oid where n.nspname = 's1' and c.relname = 't1';
oid
-------
16418
(1 row)
So, couldn't we just ignore the privilege there?
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tsunakawa, Takayuki | 2019-03-20 00:23:30 | RE: [survey] New "Stable" QueryId based on normalized query text |
| Previous Message | Michael Paquier | 2019-03-19 23:52:55 | Re: Online verification of checksums |