Re: security label support, part.2
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, Kevin Grittner <Kevin.Grittner@wicourts.gov>, KaiGai Kohei <kaigai@kaigai.gr.jp>, pgsql-hackers@postgresql.org
Date: 2010-08-17T18:32:14Z
Lists: pgsql-hackers
Robert Haas <robertmhaas@gmail.com> writes: > On Tue, Aug 17, 2010 at 1:50 PM, Stephen Frost <sfrost@snowman.net> wrote: >> No.. and I'm not sure we ever would. What we *have* done is removed >> all permissions checking on child tables when a parent is being >> queried.. > Yeah. I'm not totally sure that is sensible for a MAC environment. > Heck, it's arguably incorrect (though perhaps quite convenient) in a > DAC environment. IIRC, the reason we did it was that we decided the SQL spec requires it. So there's not a lot of point in debating the issue, unless you can convince us we misread the spec. regards, tom lane