The lack of a permissions check for creating a child table means that
in current sources, any user can inject data of his choosing into
another user's tables. Example:
User A:
regression=> create table foo (f1 text);
CREATE
regression=> insert into foo values ('good data');
INSERT 271570 1
User B:
regression=> create table foohack () inherits (foo);
CREATE
regression=> insert into foohack values ('you have been hacked!');
INSERT 271598 1
Now User A sees:
regression=> select * from foo; f1
-----------------------good datayou have been hacked!
(2 rows)
User A can only avoid this trap by being very careful to specify ONLY
in every query. If he *intends* to use foo as an inheritance tree
master, then that cure doesn't work either.
Just to add insult to injury, user A is now unable to drop table foo.
He'll also get permission failures from commands like "UPDATE foo ..."
I suppose a proper fix would involve adding a new permission type "can
make child tables", but I don't want to mess with that at the moment.
For 7.1, I propose that we only allow creation of child tables to the
owner of the parent table.
Comments?
regards, tom lane
PS: another interesting problem: create a temp table, then create a
non-temp table that inherits from it. Unhappiness ensues when you
end your session. Need to prohibit this combination, I think.
