Home > mailing lists

Re: [HACKERS] Privilege checks on array coercions - Mailing list pgsql-hackers

From	Andres Freund
Subject	Re: [HACKERS] Privilege checks on array coercions
Date	March 24, 2017 01:37:18
Msg-id	20170323193718.soqn7qyimwohk3i4@alap3.anarazel.de Whole thread Raw
In response to	[HACKERS] Privilege checks on array coercions (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: [HACKERS] Privilege checks on array coercions (Jim Nasby <jim@nasby.net>)
List	pgsql-hackers

Tree view

On 2017-03-23 15:26:51 -0400, Tom Lane wrote:
> There is a test in privileges.sql (currently lines 589-625 in
> privileges.out) that seems to be dependent on the fact that the
> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
> per-element type coercion function if it's dealing with a NULL input
> array.
> 
> While fooling with Andres' faster-expressions patch, I moved the
> pg_proc_aclcheck call for this into expression compilation, causing
> that privileges.sql test to fail.
> 
> Since Andres' patch moves ACL checks for regular function calls into
> expression compilation, I think it would be weird and inconsistent not
> to do so for ArrayCoerceExpr as well.  Does anyone want to defend this
> privileges test case as testing for some behavior that users expect?

Not me - that seems quite sensible to change.

Andres

pgsql-hackers by date:

From: Peter Eisentraut
Date: 24 March 2017, 01:34:48
Subject: Re: [HACKERS] ICU integration

From: Mithun Cy
Date: 24 March 2017, 01:52:34
Subject: Re: [HACKERS] [POC] A better way to expand hash indexes.

Re: [HACKERS] Privilege checks on array coercions - Mailing list pgsql-hackers

Previous

Next