From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Mitar <mmitar(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: Feature: temporary materialized views |
Date: | 2019-01-17 17:53:58 |
Message-ID: | 3eae72c8-af75-01e5-a4c0-e4896a6dec99@proxel.se |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 1/17/19 4:57 PM, Tom Lane wrote:
> Andreas Karlsson <andreas(at)proxel(dot)se> writes:
>> On 1/11/19 8:47 PM, Mitar wrote:
>>>> Is it really ok to just remove SECURITY_RESTRICTED_OPERATION from
>>>> ExecCreateTableAs()?
>
>>> The comment there said that this is not really necessary for security:
>>> "This is not necessary for security, but this keeps the behavior
>>> similar to REFRESH MATERIALIZED VIEW. Otherwise, one could create a
>>> materialized view not possible to refresh."
>
>> Hm, I am still not convinced just removing it is a good idea. Sure, it
>> is not a security issue but usability is also important.
>
> Indeed. I don't buy the argument that this should work differently
> for temp views. The fact that they're only accessible in the current
> session is no excuse for that: security considerations still matter,
> because you can have different privilege contexts within a single
> session (consider SECURITY DEFINER functions etc).
>
> What is the stumbling block to just leaving that alone?
I think the issue Mitar ran into is that the temporary materialized view
is created in the rStartup callback of the receiver which happens after
SECURITY_RESTRICTED_OPERATION is set in ExecCreateTableAs(), so the
creation of the view itself is denied.
From a cursory glance it looks like it would be possible to move the
setting of SECURITY_RESTRICTED_OPERATION to inside the rStartup
callabck, other than that the code for resetting the security context
might get a bit ugly. Do you see any flaws with that solution?
Andreas
From | Date | Subject | |
---|---|---|---|
Next Message | Chris Travers | 2019-01-17 17:57:56 | Re: Proposal for Signal Detection Refactoring |
Previous Message | John Naylor | 2019-01-17 17:43:36 | Re: WIP: Avoid creation of the free space map for small tables |