Home > mailing lists

Re: [HACKERS] Change in "policy" on dump ordering? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [HACKERS] Change in "policy" on dump ordering?
Date	July 26, 2017 21:35:55
Msg-id	8699.1501083355@sss.pgh.pa.us Whole thread Raw
In response to	Re: [HACKERS] Change in "policy" on dump ordering? (Jordan Gigov <coladict@gmail.com>)
List	pgsql-hackers

Tree view

Jordan Gigov <coladict@gmail.com> writes:
> But why should a superuser need the ACL to be applied before being allowed
> access? If you make the permission-checking function check if the user is a
> superuser before looking for per-user grants, wouldn't that solve the issue?

The superuser's permissions are not relevant, because the materialized
view is run with the permissions of its owner, not the superuser.
We are not going to consider changing that, either, because it would open
trivial-to-exploit security holes (any user could set up a trojan horse
matview and just wait for the next pg_upgrade or dump/restore).
        regards, tom lane

pgsql-hackers by date:

From: Kunshchikov Vladimir
Date: 26 July 2017, 21:32:33
Subject: Re: [HACKERS] [patch] pg_dump/pg_restore zerror() and strerror()mishap

From: "Mengxing Liu"
Date: 26 July 2017, 21:41:37
Subject: [HACKERS] [GSOC] Eliminate O(N^2) scaling from rw-conflict tracking inserializable transactions

Re: [HACKERS] Change in "policy" on dump ordering? - Mailing list pgsql-hackers

Previous

Next