From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: ExecutorCheckPerms() hook |
Date: | 2010-05-24 13:18:40 |
Message-ID: | AANLkTin3PhJ-j-VJYgSa5MET7PSYGQ800MEB53mzTHl4@mail.gmail.com |
Lists: | pgsql-hackers |

2010/5/24 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> BTW, I guess the reason why permissions on attributes are not checked here is
> that we missed it at v8.4 development.

That's a little worrying. Can you construct and post a test case
where this results in a user-visible failure in CVS HEAD?

> The attached patch provides a common checker function of DML, and modifies
> ExecCheckRTPerms(), CopyTo() and RI_Initial_Check() to call the checker
> function instead of individual ACL checks.

This looks pretty sane to me, although I have not done a full review.
I am disinclined to create a whole new directory for it. I think the
new function should go in src/backend/catalog/aclchk.c and be declared
in src/include/utils/acl.h. If that sounds reasonable to you, please
revise and post an updated patch.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company