Re: Interest in a SECURITY DEFINER function current_user stack access mechanism?

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Nico Williams <nico(at)cryptonector(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Interest in a SECURITY DEFINER function current_user stack access mechanism?
Date: 2017-10-18 20:15:01
Message-ID: CAFj8pRBK0_L0abONUo9b3=frrptVHTzy7vD4wnXMGuZfSNObXQ@mail.gmail.com
Lists: pgsql-hackers

2017-10-18 22:01 GMT+02:00 Nico Williams <nico(at)cryptonector(dot)com>:

> It'd be nice if SECURITY DEFINER functions could see what user invoked
> them, but current_user is the DEFINER user, naturally, since that's how
> this is done in fmgr_security_definer().
>
> I was thinking that fmgr_security_definer() could keep a global pointer
> to a linked list (with automatic nodes) of the save_userid values. Then
> we could have a SQL function for accessing these, something like
> pg_current_user(level int) returning text, where level 0 is
> current_user, level 1 is "the previous current_user in the stack", and
> so on, returning null when level is beyond the top-level.
>
> This seems like a simple, small, easy patch, and since I [think I] need
> it I suspect others probably do as well.
>
> Thoughts?
>

There is a function session_user() already.

regards

Pavel

> Nico
>
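
An added example, not part of the thread and not code from either poster: a scratch-database script showing which identities `current_user` and `session_user` expose inside nested SECURITY DEFINER functions. The roles `alice`, `bob`, `carol`, the schema `demo` and both function names are constructed for the demo; it assumes a superuser session.

```sql
-- Constructed demo objects; everything is rolled back at the end.
BEGIN;
CREATE ROLE alice;
CREATE ROLE bob;
CREATE ROLE carol;
CREATE SCHEMA demo;
GRANT USAGE ON SCHEMA demo TO alice, bob, carol;

-- Innermost function, owned by carol: returns the two identities
-- that are visible from inside a SECURITY DEFINER function today.
CREATE FUNCTION demo.inner_whoami()
RETURNS TABLE (cur name, sess name)
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp   -- pin search_path in definer functions
AS $$ SELECT current_user, session_user $$;
ALTER FUNCTION demo.inner_whoami() OWNER TO carol;

-- Outer function, owned by bob, calls the inner one, so the chain of
-- effective users is: caller -> bob -> carol.
CREATE FUNCTION demo.outer_whoami()
RETURNS TABLE (cur name, sess name)
LANGUAGE sql SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$ SELECT * FROM demo.inner_whoami() $$;
ALTER FUNCTION demo.outer_whoami() OWNER TO bob;

-- EXECUTE is granted to PUBLIC by default; narrow it to the intended callers.
REVOKE ALL ON FUNCTION demo.inner_whoami(), demo.outer_whoami() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION demo.inner_whoami() TO bob;
GRANT EXECUTE ON FUNCTION demo.outer_whoami() TO alice;

-- Case 1: alice is the session user and calls the outer function.
SET SESSION AUTHORIZATION alice;
SELECT * FROM demo.outer_whoami();

-- Case 2: the session user stays the login role; alice is reached via SET ROLE.
RESET SESSION AUTHORIZATION;
SET ROLE alice;
SELECT * FROM demo.outer_whoami();

ROLLBACK;
```

In both cases `cur` is the owner of the innermost function and `sess` is the session's user, so the intermediate definer (`bob`) and, in case 2, the role set with SET ROLE are not reported by either column.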
