| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Bruce Momjian <bruce(at)momjian(dot)us>, pgsql-hackers(at)postgresql(dot)org, simon(at)2ndQuadrant(dot)com |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1324) |
| Date: | 2008-12-19 05:17:38 |
| Message-ID: | 494B2E72.5050002@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
> KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> writes:
>> Bruce Momjian wrote:
>>> 1034 and 25 are the oids for 'acllist' and 'text' and they are being
>>> added to system tables. Are you saying system tables don't use
>>> pg_security but other tables do?
>
>> It means users can refer the "security_acl" and "security_label",
>> as if they have proper types. However, in actually, they are stroed
>> as security identifiers.
>
>> When user refers "security_acl", the patched heap_getsysattr() invokes
>> rowaclHeapGetSecurityAclSysattr() to translate the security identifier
>> of Row-level ACLs into an array of ACLs. User will see the translated
>> representation, as if there is a variable length array, not an oid.
>
> This seems like a pretty bad idea that will eventually bite you in an
> uncomfortable place. Lying about what datatype a field is is just not
> safe.
Is it also correct for system attributes?
I don't think the format on storage has to be same as user visible one,
because it always fetched via heap_getsysattr().
In addition, all the route to import security attributes are hooked
and translated it into oid correctly.
What situation makes it unsafe?
> It would probably be better to expose the actual security identifier
> (as an OID or whatever it is) and provide simple translation
> capabilities a la regclass and other OID-alias types.
The regclass like approach will be fine, when we export security
relatede attributes. However, how does it handle it when we give
a new security context which is not on pg_security?
The prior version of SE-PostgreSQL has a similar idea.
It is a specific type to translate security context between text
and oid. But, it was opposed at CommitFest:May because its input
handler has to insert a new tuple when the given security context
is not found on pg_security.
It had a possibility that user declares a column as the type.
It was unhapply, because input handler cannot discriminate whether
the given input is toward the system column or user columns.
So, I think the current approach is more preferable.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-12-19 05:34:24 | Re: stat() vs cygwin |
| Previous Message | Mark Wong | 2008-12-19 05:06:51 | Re: Simple postgresql.conf wizard |