Re: [HACKERS] permission issue

Vadim wrote:

>
> Tables INS (x int) and SEL (y int) are owned by dbadm, for another
> user SELECT granted on SEL, INSERT - on INS.
>
> Should another user be able to do
>
> insert into ins select y from sel where x = y;
>
> or not ?
> Currently, PG allows this. Backend tries to check
> (in execMain.c:ExecCheckPerms()) is READ access to
> table being changed granted to user or not, but this check
> seems to be quite stupid:
>
> qvars = pull_varnos(parseTree->qual);
> tvars = pull_varnos((Node *) parseTree->targetList);
> if (intMember(resultRelation, qvars) ||
> intMember(resultRelation, tvars))
>
> : pull_varnos is very simple and just skips expressions in
> qual & target list.
>
> We have to either get rid of this check or change it.
>
> What do you think ?
> How "big boys" handle this ?
>
> Vadim
>
>

As I wrote we must change more on the permission checking
than currently done. I plan to implement something like an
effective user which is used instead of the current user in
the checks and switch the effective user on function calls to
the owner of the function (triggers are implemented as
functions and thus also covered). And we need that effective
user too for the checks in views instead of what we did now
with skipAcl in the RTE.

I'll keep the above words in mind when doing so. But first
let's release 6.3.

Jan

--

#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#======================================== jwieck(at)debis(dot)com (Jan Wieck) #