| From: | "PostgreSQL Bugs List" <pgsql-bugs(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #1150: grant options not properly checked |
| Date: | 2004-05-11 09:18:16 |
| Message-ID: | 20040511091816.E9887CF519E@www.postgresql.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged online:
Bug reference: 1150
Logged by: Fabien Coelho
Email address: coelho(at)cri(dot)ensmp(dot)fr
PostgreSQL version: 7.5 Dev
Operating system: Linux
Description: grant options not properly checked
Details:
It seems that GRANT ALL ON SCHEMA does not properly
check for grantor rights. I haven't tested other
grantable stuff...
repeat:
psql> SELECT CURRENT_USER;
current_user
--------------
hobbes
psql> SELECT * FROM pg_namespace WHERE nspname='foo';
nspname | nspowner | nspacl
---------+----------+----------------------------------------
foo | 101 | {calvin=U*C*/calvin,hobbes=U*C/calvin}
As hobbes, I should only be able to grant usage.
However:
psql> GRANT ALL ON SCHEMA foo TO suzy;
psql> SELECT * FROM pg_namespace WHERE nspname='foo';
nspname | nspowner | nspacl
---------+----------+-------------------------------------------------------
foo | 101 | {calvin=U*C*/calvin,hobbes=U*C/calvin,suzy=UC/hobbes}
Suzy has both Usage and Create rights on schema foo,
although hobbes had only a grant option for usage.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martin Pitt | 2004-05-11 10:03:58 | Fwd: Bug#247306: odbc-postgresql: SIGSEGV with long inputs (> 10000 bytes) |
| Previous Message | PostgreSQL Bugs List | 2004-05-11 09:00:55 | BUG #1149: server includes not installed by default |