Re: Largeobject Access Controls (r2460)

Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>

From: Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
To: KaiGai Kohei <kaigai@ak.jp.nec.com>
Cc: Jaime Casanova <jcasanov@systemguards.com.ec>, Greg Smith <greg@2ndquadrant.com>, pgsql-hackers@postgresql.org
Date: 2009-12-11T01:16:56Z
Lists: pgsql-hackers
KaiGai Kohei <kaigai@ak.jp.nec.com> wrote:

> > we still allow "SELECT * FROM pg_largeobject" ...right?
> 
> It can be solved with revoking any privileges from anybody in the initdb
> phase. So, we should inject the following statement for setup_privileges().
> 
>   REVOKE ALL ON pg_largeobject FROM PUBLIC;

OK, I'll add the following description in the documentation of pg_largeobject.

   <structname>pg_largeobject</structname> should not be readable by the
   public, since the catalog contains data in large objects of all users.
   <structname>pg_largeobject_metadata</> is a publicly readable catalog
   that only contains identifiers of large objects.

> {"lo_compat_privileges", PGC_SUSET, COMPAT_OPTIONS_PREVIOUS,
>     gettext_noop("Turn on/off privilege checks on large objects."),

The description is true, but gives a confusion because
"lo_compat_privileges = on" means "privilege checks are turned off".

  short desc: Enables backward compatibility in privilege checks on large objects
  long desc: When turned on, privilege checks on large objects are disabled.

Are those descriptions appropriate?

Regards,
---
Takahiro Itagaki
NTT Open Source Software Center