Home > mailing lists

Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
Date	August 12, 2008 02:39:21
Msg-id	25950.1218508751@sss.pgh.pa.us Whole thread Raw
In response to	Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants
List	pgsql-bugs

Tree view

I wrote:
> That's one heck of a scary patch: nowhere in list_union's API is there
> any guarantee that it preserves list ordering, but we *must not* change
> the positions of the existing rtable entries.

Actually there's a more fundamental problem, namely that pulled-up
subqueries aren't necessarily equal() to the originals.  They will
definitely be different if there were any uplevel Var references.

While you could argue that it doesn't matter because we'll only
end up redundantly checking permissions on multiple copies of the
RTEs, that's a bit beyond my threshold of ugliness...

            regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 12 August 2008, 01:54:10
Subject: Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants

From: Robert Treat
Date: 12 August 2008, 02:48:54
Subject: Re: return query with set-returning functions

Re: BUG #4350: 'select' acess given to views containing "union all" even though user has no grants - Mailing list pgsql-bugs

Previous

Next