Dear Tom,
> > It seems that GRANT ALL ON SCHEMA does not properly
> > check for grantor rights.
>
> What's happening is that pg_namespace_aclcheck() allows the operation
> if you have GRANT OPTION for *any* of the rights to be granted. The
> same problem exists for all object types.
I did not had time to go to the source code, but I thought it was likely
to be a generic bug.
> I am not sure whether we should refuse the operation or just narrow
> the set of privileges to those that are grantable per GRANT OPTION.
> Peter, any thoughts?
I'm not Peter, but I have an answer anyway: the standard says it should be
narrowed.
ISO/IEC 9075-2:2003 (E)
12.3 <privileges>
...
Syntax Rules
1) ALL PRIVILEGES is equivalent to the specification of all of the
privileges on <object name> for which the <grantor> has grantable
privilege descriptors.
--
Fabien Coelho - coelho@cri.ensmp.fr
