Re: SECURITY LABEL on shared database object

Kohei KaiGai <kaigai@kaigai.gr.jp>

From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Joe Conway <mail@joeconway.com>, "Hackers (PostgreSQL)" <pgsql-hackers@postgresql.org>, Kohei Kaigai <Kohei.Kaigai@emea.nec.com>
Date: 2011-07-02T09:55:01Z
Lists: pgsql-hackers

Attachments

The attached patch re-defines pg_shseclabel.provider as NameData,
instead of Text,
and revert changes to catcache.c about collation.

Rest of parts are not changed.

Thanks,

2011/7/2 Kohei KaiGai <kaigai@kaigai.gr.jp>:
> 2011/7/2 Tom Lane <tgl@sss.pgh.pa.us>:
>> Kohei KaiGai <kaigai@kaigai.gr.jp> writes:
>>> The origin of matter is, as you mentioned, collation to be used for system
>>> catalog scan when we reference it via syscache.
>>> So, the following chunk should be added, as I did in the userspace access
>>> vector patch - part.1.
>>
>>>   @@ -934,8 +935,7 @@ CatalogCacheInitializeCache(CatCache *cache)
>>>           /* Fill in sk_strategy as well --- always standard equality */
>>>           cache->cc_skey[i].sk_strategy = BTEqualStrategyNumber;
>>>           cache->cc_skey[i].sk_subtype = InvalidOid;
>>>   -       /* Currently, there are no catcaches on collation-aware data types */
>>>   -       cache->cc_skey[i].sk_collation = InvalidOid;
>>>   +       cache->cc_skey[i].sk_collation = DEFAULT_COLLATION_OID;
>>
>> I removed such a hunk from a previous patch of yours, and I don't like
>> it any better this time.  This is just a hack that will result in
>> masking bugs.
>>
>> Consider using a non-collation-aware datatype instead, such as NAME.
>>
> I agree that pg_(sh)seclabel.provider field shall not need more than
> NAMEDATALEN.
>
> How about re-define pg_seclabel.provider field also; currently defined as TEXT?
>
> Thanks,
> --
> KaiGai Kohei <kaigai@kaigai.gr.jp>
>
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>