From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
---|---|
To: | "Stephen Frost" <sfrost(at)snowman(dot)net> |
Cc: | "Robert Haas" <robertmhaas(at)gmail(dot)com>, "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp>, <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: security label support, part.2 |
Date: | 2010-08-17 18:01:00 |
Message-ID: | 4C6A880C0200002500034793@gw.wicourts.gov |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
>Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> No.. and I'm not sure we ever would. What we *have* done is
> removed all permissions checking on child tables when a parent is
> being queried..
OK, that clarifies things. Thanks.
So, essentially that means that you need to set all ancestor levels
to something at least as strict as the intersection of all the
permissions on lower levels to avoid exposing something through an
ancestor which is restricted in a descendant. And you'd better
trust the owner of any table you extend, because they can bypass any
attempt to restrict access to the table you create which extends
theirs.
I hope those security implications are well documented.
-Kevin
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2010-08-17 18:07:18 | Re: security label support, part.2 |
Previous Message | Peter Eisentraut | 2010-08-17 17:55:58 | Re: Python 2.7 deprecated the PyCObject API? |