Thread
-
Add permission checks on SELECT INTO
Kohei KaiGai <kaigai@kaigai.gr.jp> — 2011-11-02T10:41:19Z
This patch adds checks of INSERT permission on new tables constructed by SELECT INTO or CREATE TABLE AS. It does not change existing behavior except for tiny bit of cases when a default privilege setting does not allow owner to insert tuples, because table's default acl allows everything to its owner. However, this check has significant meaning from the perspective of mac; to prevent a user who can reference credential information to write-out tables with public label; this characteristic is called as data-flow-control. Please also see the previous discussion as: http://bit.ly/uxeOhO Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>