Home > mailing lists

Re: sepgsql contrib module - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: sepgsql contrib module
Date	January 21, 2011 14:20:57
Msg-id	AANLkTin3wQ3QBqEunLE+Cjw9VvbOt1S_EOzm-ut_PoPg@mail.gmail.com Whole thread Raw
In response to	Re: sepgsql contrib module (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: sepgsql contrib module (Tom Lane <tgl@sss.pgh.pa.us>) Re: sepgsql contrib module (Kohei KaiGai <kaigai@kaigai.gr.jp>)
List	pgsql-hackers

Tree view

On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Robert Haas <robertmhaas@gmail.com> writes:
>> For that matter, I wonder what happens with regular function
>> permissions.  If the plan inlines the function and then somebody goes
>> and changes the permission on the function and makes it SECURITY
>> DEFINER, what happens?
>
> ALTER FUNCTION is supposed to cause plan invalidation in such a case.
> Not sure if GRANT plays nice with that though.

And in the case of SE-Linux, this could get changed from outside the
database.  Not sure how to handle that.  I guess we could just never
inline anything, but that might be an overreaction.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Heikki Linnakangas
Date: 21 January 2011, 14:18:14
Subject: Re: review: FDW API

From: Tom Lane
Date: 21 January 2011, 14:22:09
Subject: Re: pg_basebackup for streaming base backups

Re: sepgsql contrib module - Mailing list pgsql-hackers

Previous

Next