At Tue, 19 Mar 2019 19:09:59 +0900 (Tokyo Standard Time), Kyotaro HORIGUCHI <horiguchi.kyotaro@lab.ntt.co.jp> wrote in
<20190319.190959.25783254.horiguchi.kyotaro@lab.ntt.co.jp>
> That works in a transaction. It looks right that the actually
> revoked schema cannot be accessed.
From another viewpoint, the behavior really doesn't protect anything. The unprivileged user can still do that as follows.
=> select to_regclass('s1.t1')::oid;
ERROR: permission denied for schema s1
=> select c.oid from pg_class c join pg_namespace n on c.relnamespace = n.oid where n.nspname = 's1' and c.relname = 't1';
oid
-------
16418
(1 row)
So, couldn't we just ignore the privilege there?
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center