Postgres Pro
Downloads
Home   >   mailing lists

Thread: [HACKERS] Privilege checks on array coercions

[HACKERS] Privilege checks on array coercions

From
Tom Lane
Date:
There is a test in privileges.sql (currently lines 589-625 in
privileges.out) that seems to be dependent on the fact that the
ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
per-element type coercion function if it's dealing with a NULL input
array.

While fooling with Andres' faster-expressions patch, I moved the
pg_proc_aclcheck call for this into expression compilation, causing
that privileges.sql test to fail.

Since Andres' patch moves ACL checks for regular function calls into
expression compilation, I think it would be weird and inconsistent not
to do so for ArrayCoerceExpr as well.  Does anyone want to defend this
privileges test case as testing for some behavior that users expect?
        regards, tom lane

Re: [HACKERS] Privilege checks on array coercions

From
Andres Freund
Date:
On 2017-03-23 15:26:51 -0400, Tom Lane wrote:
> There is a test in privileges.sql (currently lines 589-625 in
> privileges.out) that seems to be dependent on the fact that the
> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
> per-element type coercion function if it's dealing with a NULL input
> array.
> 
> While fooling with Andres' faster-expressions patch, I moved the
> pg_proc_aclcheck call for this into expression compilation, causing
> that privileges.sql test to fail.
> 
> Since Andres' patch moves ACL checks for regular function calls into
> expression compilation, I think it would be weird and inconsistent not
> to do so for ArrayCoerceExpr as well.  Does anyone want to defend this
> privileges test case as testing for some behavior that users expect?

Not me - that seems quite sensible to change.

Andres

Re: [HACKERS] Privilege checks on array coercions

From
Jim Nasby
Date:
On 3/23/17 12:37 PM, Andres Freund wrote:
> On 2017-03-23 15:26:51 -0400, Tom Lane wrote:
>> There is a test in privileges.sql (currently lines 589-625 in
>> privileges.out) that seems to be dependent on the fact that the
>> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
>> per-element type coercion function if it's dealing with a NULL input
>> array.
...
>> Does anyone want to defend this
>> privileges test case as testing for some behavior that users expect?
>
> Not me - that seems quite sensible to change.

I'd even argue that existing behavior is a bug.
-- 
Jim C. Nasby, Data Architect                       jim@nasby.net
512.569.9461 (cell)                         http://jim.nasby.net