Re: [PATCH] DefaultACLs - Mailing list pgsql-hackers

From: KaiGai Kohei
Subject: Re: [PATCH] DefaultACLs
Date:
Msg-id: 4ACB4E13.80406@kaigai.gr.jp
In response to: Re: [PATCH] DefaultACLs (Petr Jelinek <pjmodos@pjmodos.net>)
List: pgsql-hackers

Petr Jelinek wrote:
> KaiGai Kohei wrote:
>> I tried to check the default ACL behavior.
>>
>> It works for me fine, good, but ...
>>
>>   postgres=> SELECT * INTO t3 FROM t1;
>>   SELECT
>>   postgres=> SELECT * FROM t3;
>>    a |  b
>>   ---+-----
>>    1 | aaa
>>    2 | bbb
>>   (2 rows)
>>
>>   postgres=> INSERT INTO t3 VALUES (3,'ccc');
>>   ERROR:  permission denied for relation t3
>>
>> In this case, the new table t3 is created with the default ACL, which does not
>> allow the owner of the relation to insert any values.
>>
>> SELECT INTO does not check ACL_INSERT on the newly created tables, because
>> we had been able to assume the table owner always has privilege to insert
>> values into the new table.
>> So, OpenIntoRel() didn't check this obvious privilege.
>>
>> But the default ACL feature breaks this assumption. The table owner may not
>> have privilege to insert values into new tables.
>> So, it is necessary to put actual access controls on the OpenIntoRel().
>>   
> 
> That's strange behavior, I agree. However, I don't see how default ACLs
> changed it in any way; the owner could REVOKE his privileges before.
> 
I don't think the default ACL feature should do something ad-hoc here.

Is there anything more necessary than adding permission checks to insert
values into the new table?

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

