Re: [PATCH] DefaultACLs

Petr Jelinek wrote:
> KaiGai Kohei napsal(a):
>> I tried to check the default ACL behavior.
>>
>> It works for me fine, good, but ...
>>
>> postgres=> SELECT * INTO t3 FROM t1;
>> SELECT
>> postgres=> SELECT * FROM t3;
>> a | b
>> ---+-----
>> 1 | aaa
>> 2 | bbb
>> (2 rows)
>>
>> postgres=> INSERT INTO t3 VALUES (3,'ccc');
>> ERROR: permission denied for relation t3
>>
>> In this case, the new table t3 is created with the default ACL which does not
>> allow to insert any values by the owner of the relation.
>>
>> SELECT INTO does not check ACL_INSERT on the newly created tables, because
>> we had been able to assume the table owner always has privilege to insert
>> values into the new table.
>> So, OpenIntoRel() didn't check this obvious privilege.
>>
>> But the default ACL feature breaks this assumption. The table owner may not
>> have privilege to insert values into new tables.
>> So, it is necessary to put actual access controls on the OpenIntoRel().
>>
>
> That's strange behavior I agree. However I don't see how default ACLs
> changed it in any way, owner could REVOKE his privileges before.
>
I don't think the default ACL feature should do something ad-hoc here.

Is there anything necessary more than adding permission checks to insert
values into the new table?

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>