Re: AW: [HACKERS] Solution to the pg_user passwd problem !?? (c)
Bruce Momjian <maillist@candle.pha.pa.us>
From: Bruce Momjian <maillist@candle.pha.pa.us>
To: jwieck@debis.com
Cc: scrappy@hub.org, Andreas.Zeugswetter@telecom.at, pgsql-hackers@hub.org
Date: 1998-02-19T18:17:49Z
Lists: pgsql-hackers
> > > I wrote: > > The 'grant select' on views is a IMHO urgent required > > feature. I'll take a look on the code checking permissions > > and the rewrite system. > > Interesting - first of all an unprivileged user cannot create > any view "pg_rewrite: Permission denied". I think this is > absolutely wrong. > > Anyway - if we add a flag to the rangetable entry that tells > the executor in ExecCheckPerms() if this rte came from the > rewriting due to a view or not, it can skip the permission > check on that and the tests will pass. > > But then we'll run into a little security hole problem. If > the permissions only rely on access to the view, the view > owner (or public as long as ACL_WORLD_DEFAULT contains > ACL_RD) can select throug the view. So we must check on view > creation that the creator of the view has proper permissions > to what the view selects. And in addition if not all objects > the view selects are granted to public, we should > automagically revoke public from the view so the creator must > explicitly grant access to the view. > > Anything forgotten? No, I think these are the valid issues. -- Bruce Momjian maillist@candle.pha.pa.us