Thread

  1. Add permission checks on SELECT INTO

    Kohei KaiGai <kaigai@kaigai.gr.jp> — 2011-11-02T10:41:19Z

    This patch adds checks of INSERT permission on new tables constructed
    by SELECT INTO or CREATE TABLE AS.
    
    It does not change existing behavior except for tiny bit of cases when
    a default privilege setting does not allow owner to insert tuples,
    because table's default acl allows everything to its owner.
    However, this check has significant meaning from the perspective of
    mac; to prevent a user who can reference credential information to
    write-out tables with public label; this characteristic is called as
    data-flow-control.
    
    Please also see the previous discussion as: http://bit.ly/uxeOhO
    
    Thanks,
    -- 
    KaiGai Kohei <kaigai@kaigai.gr.jp>