Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Heikki Linnakangas" <heikki(at)enterprisedb(dot)com>
Cc: "Brendan O'Shea" <boshea(at)akamai(dot)com>, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Date: 2008-08-12 01:53:58
Message-ID: 24482.1218506038@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

"Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> writes:
> + root->parse->rtable = list_union(root->parse->rtable, subquery->rtable);

That's one heck of a scary patch: nowhere in list_union's API is there
any guarantee that it preserves list ordering, but we *must not* change
the positions of the existing rtable entries.

I think it might be better to fix the problem in
pull_up_union_leaf_queries instead; given that it wasn't broken till
recently, I think it's arguably that function's fault. Can we redesign
it to pull up everything in the subquery rtable, not just what was
referenced?

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2008-08-12 02:39:11 Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Previous Message Tom Lane 2008-08-12 01:38:38 Re: return query with set-returning functions