From: | Nico Williams <nico(at)cryptonector(dot)com> |
---|---|
To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
Cc: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |
Date: | 2017-10-18 21:08:00 |
Message-ID: | 20171018210759.GD4496@localhost |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Oct 18, 2017 at 01:43:30PM -0700, David G. Johnston wrote:
> Regardless of the merits of the proposed feature, the function
> "session_user" is SQL-defined and should not be modified or enhanced.
>
> I could see "calling_role()" being useful - it returns the same value
> as "current_role" normally and in security invoker functions while in
> a security definer function it would return whatever current_role
> would have returned if the function was a security invoker (i.e., the
> role that the system will put back into effect once the security
> definer function returns).
That... could be awkward where lots of SECURITY DEFINER functions may be
user-callable, but also called from each other. But it would be
minimally useful.
More useful than this, for me, would be a way to get the top-most user.
> Introducing the concept of a stack at the SQL level here seems, at
> first glance, to be over-complicating things.
Because of the current implementation of invocation of SECURITY DEFINER
functions, a stack is trivial to build, since it's a list of nodes
allocated on the C stack in fmgr_security_definer().
Nico
--
From | Date | Subject | |
---|---|---|---|
Next Message | David G. Johnston | 2017-10-18 21:13:29 | Re: Interest in a SECURITY DEFINER function current_user stack access mechanism? |
Previous Message | Robert Haas | 2017-10-18 20:54:46 | Re: [COMMITTERS] pgsql: Fix traversal of half-frozen update chains |