| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
| Cc: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Wrong security context for deferred triggers? |
| Date: | 2024-10-18 08:20:01 |
| Message-ID: | 3f0a08f3e3d445137ae287125bc8c1a007045db8.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, 2024-10-18 at 07:47 +0200, Pavel Stehule wrote:
> Without deeper checks I don't like using GetUserNameFromId for checking the validity of a role.
>
> Maybe it is better to use own read of syscache or wrap SetUserIdAndSecContext to do this check.
I agree; it was just the simplest way I could make it happen. It is ugly to allocate and
return the user name, since we don't really need it.
I could write a dedicated function to check the existence of a user.
> The comment
>
> + /*
> + * The role could have been dropped since the trigger was queued.
> + * In that case, give up and error out.
> + */
>
> doesn't explain well why the role can be dropped and why dependency doesn't protect against it.
The trigger queue exists only in memory, and PostgreSQL tracks dependencies
only between persisted objects. Do you think that I should add a sentence
like that to the comment?
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2024-10-18 08:24:53 | Re: Remove unlogged materialized view persistence handling |
| Previous Message | Bertrand Drouvot | 2024-10-18 07:58:26 | Re: Add isolation test template in injection_points for wait/wakeup/detach |