Re: Tablespace patch review

From: Andreas Pflug <pgadmin(at)pse-consulting(dot)de>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>, Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: Tablespace patch review
Date: 2004-06-19 09:17:54
Message-ID: 40D404C2.7010207@pse-consulting.de
Lists: pgsql-hackers pgsql-patches

Tom Lane wrote:

>Andreas Pflug <pgadmin(at)pse-consulting(dot)de> writes:
>
>>Tom Lane wrote:
>>
>>>As for the authentication-is-expensive issue, what of it? You *should*
>>>have to authenticate yourself in order to look inside another person's
>>>database. The sort of cross-database inspection being proposed here
>>>would be a big security hole in many people's view.
>>
>>Accessing pg_class et al using the current sysuseid with acl checking
>>should be ok and satisfy security demands, no?
>
>No. If the other user has you locked out from connecting to his
>database at all, he's probably not going to feel that he should have to
>disable your access to individual objects inside it.
>
Well, he's using my tablespace, so I'd like to know at least the object name.

>This has some connections to the discussions we periodically have about
>preventing Joe User from looking at the system catalogs. If we make any
>changes in this area at all, I would expect them to be in the direction
>of narrowing access, not widening it to include being able to see
>other databases' catalogs.
>
Superuser/tablespace owner isn't quite Joe User, I believe.

Actually, there seem to be quite a few other cross-database/shared table issues
(schema default tablespace, dropping a user who owns objects) which make
it desirable to have superuser read-only access to pg_catalog tables.
Maybe a TODO for 7.6...

Regards,
Andreas
