Re: ExecutorCheckPerms() hook - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: ExecutorCheckPerms() hook
Date
Msg-id 4BFDE068.4010305@ak.jp.nec.com
Whole thread Raw
In response to Re: ExecutorCheckPerms() hook  (Stephen Frost <sfrost@snowman.net>)
Responses Re: ExecutorCheckPerms() hook
[v9.1] add makeRangeTblEntry() into makefuncs.c
Reworks of DML permission checks
[v9.1] Add security hook on initialization of instance
List pgsql-hackers
Stephen,

>> The 'failure' may make an impression of generic errors not only permission denied.
>> How about 'error_on_violation'?
>
> Maybe 'ereport_on_violation'?  I dunno, guess one isn't really better
> than the other.  You need to go back and fix the comment though- you
> still say 'abort' there.

I have no preference between 'error_on_violation' and 'ereport_on_violation'.
OK, I fixed it.

>> BTW, I wonder whether acl.h is a correct place to explain about the hook,
>> although I added comments for the hook.
>
> Guess I don't really see a problem putting the comments there.  By the
> way, have we got a place where we actually document the hooks we support
> somewhere in the official documentation..?  If so, that should certainly
> be updated too..

I could not find Executor hooks from doc/src/sgml using grep.
If so, it might be worth to list them on the wikipage.

>> I think we should add a series of explanation about ESP hooks in the internal
>> section of the documentation, when the number of hooks reaches a dozen for
>> example.
>
> I believe the goal will be to avoid reaching a dozen hooks for this.

Maybe, all we need to hook on DML permissions is only this one.

> All-in-all, I'm pretty happy with these.  Couple minor places which
> could use some copy editing, but that's about it.
>
> Next, we need to get the security label catalog and the grammar to
> support it implemented and then from that an SELinux module should
> be pretty easy to implement.  Based on the discussions at PGCon, Robert
> is working on the security label catalog and grammar.  The current plan
> is to have a catalog similar to pg_depend, to minimize impact to the
> rest of the backend and to those who aren't interested in using security
> labels.

Pg_depend? not pg_description/pg_shdescription?

I basically agree with the idea that minimizes damages to the existing schema
of system catalogs, but I cannot imagine something like pg_depend well.

I'd like to post a new thread to discuss the security label support. OK?

> Of course, there will also need to be hooks there for an
> external module to enforce restrictions associated with changing labels
> on various objects in the system.

Yes, the user given has to be validated by ESP.

Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>

Attachment

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: get_whatever_oid, part 1: object types with unqualifed names
Next
From: Tatsuo Ishii
Date:
Subject: Re: exporting raw parser