Re: Updates of SE-PostgreSQL 8.4devel patches (r1197) - Mailing list pgsql-hackers

From Simon Riggs
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)
Date
Msg-id 1226092265.27904.159.camel@ebony.2ndQuadrant
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)  ("Robert Haas" <robertmhaas@gmail.com>)
Responses Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)
List pgsql-hackers
On Fri, 2008-11-07 at 15:12 -0500, Robert Haas wrote:
> > Foreign Key deletions could be handled correctly if you treat them as
> > updates. If we have the following example
> >
> > TableA
> > security_context=y value=2 fk=1
> >
> > TableB
> > security_context=x value=1
> >
> > TableA refers to TableB. Context x cannot see context y.
> >
> > So if somebody with context x tries to delete value1 from TableB, they
> > will be refused because of a row they cannot see. In this case the
> > correct action is to update the tuple in TableB so it now has a
> > security_context = y. The user with x cannot see it and can be persuaded
> > he deleted it, while the user with y can still see it.
> 
> It seems odd for a low-privilege user to be able to elevate the
> privilege of a tuple above their own privilege level.  I also don't
> believe that the privilege level is a total order, which might make
> this something of a sticky wicket.  But those are just my thoughts as
> a non-guru.

The low-privilege user isn't elevating the label. If the tuple was
visible by multiple labels it was already elevated. All I am suggesting
is the system remove the one it can see, leaving the other ones intact.
This makes the row appear to be deleted by the lower privileged user,
whereas in fact it was merely updated. There need not be any ordering to
the labels for this scheme to work.

-- Simon Riggs           www.2ndQuadrant.com
PostgreSQL Training, Services and Support
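
A toy model of the scheme discussed in this message, added here as an illustration; it is not part of the original post or of the SE-PostgreSQL patch. It assumes each row carries a set of labels, that a context sees a row only if its label is in that set, and that the relabeled row takes on the labels of the hidden referencing rows; `Row`, `visible` and `delete_parent` are hypothetical names.

```python
# Toy model, constructed for illustration; not SE-PostgreSQL code.
from dataclasses import dataclass
from typing import Optional, Set


@dataclass
class Row:
    value: int
    labels: Set[str]            # security contexts allowed to see this row
    fk: Optional[int] = None    # value of the referenced TableB row, if any


def visible(row, subject):
    return subject in row.labels


def delete_parent(table_a, table_b, subject, value):
    """Delete TableB row `value` as `subject`; return what really happened."""
    parent = next((r for r in table_b
                   if r.value == value and visible(r, subject)), None)
    if parent is None:
        return "not found"
    referrers = [r for r in table_a if r.fk == value]
    if any(visible(r, subject) for r in referrers):
        # Assumption: an ordinary FK error is fine when the subject can see why.
        return "refused"
    if referrers:
        # Every referrer is hidden from the subject. Instead of refusing,
        # drop the subject's label and keep the row for the contexts that
        # still reference it.
        hidden = set().union(*(r.labels for r in referrers))
        parent.labels = (parent.labels - {subject}) | hidden
        return "relabeled"
    table_b.remove(parent)
    return "deleted"


def demo():
    # The thread's example: TableA row (context y) references TableB row (context x).
    table_b = [Row(value=1, labels={"x"})]
    table_a = [Row(value=2, labels={"y"}, fk=1)]
    outcome = delete_parent(table_a, table_b, "x", 1)
    return outcome, visible(table_b[0], "x"), visible(table_b[0], "y")


if __name__ == "__main__":
    print(demo())   # ('relabeled', False, True)
```

The same function also covers a row that already carries several labels: with `labels={"x", "y"}` the result is `{"y"}`, with no ordering between labels required.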