From: | Yeb Havinga <yebhavinga(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: patch for type privileges |
Date: | 2011-12-02 16:11:47 |
Message-ID: | 4ED8F8C3.4060809@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 2011-12-01 22:14, Peter Eisentraut wrote:
> On tor, 2011-12-01 at 14:37 +0100, Yeb Havinga wrote:
>> On 2011-11-29 18:47, Peter Eisentraut wrote:
>>> On tis, 2011-11-29 at 07:07 +0200, Peter Eisentraut wrote:
>>>> On mån, 2011-11-28 at 11:41 +0100, Yeb Havinga wrote:
>>>>> On 2011-11-15 21:50, Peter Eisentraut wrote:
>>>>>> Patch attached.
>>>>> I cannot get the patch to apply, this is the output of patch -p1
>>>>> --dry-run on HEAD.
>>>> I need to remerge it against concurrent range type activity.
>>> New patch attached.
>> I'm looking at your patch. One thing that puzzled me for a while was
>> that I could not restrict access to base types (either built-in or user
>> defined). Is this intentional?
> Works for me:
>
> =# create user foo;
> =# revoke usage on type int8 from public;
> =# \c - foo
> => create table test1 (a int4, b int8);
> ERROR: permission denied for type bigint
Hmm even though I have 'revoke all on type int2 from public' in my psql
history, I cannot repeat what I think was happening yesterday. Probably
I was still superuser in the window I was testing with, but will never
no until time travel is invented. Or maybe I tested with a cast.
Using a cast, it is possible to create a table with a code path through
OpenIntoRel:
session 1:
t=# revoke all on type int2 from public;
session2 :
t=> create table t2 (a int2);
ERROR: permission denied for type smallint
t=> create table t as (select 1::int2 as a);
SELECT 1
t=> \d t
Table "public.t"
Column | Type | Modifiers
--------+----------+-----------
a | smallint |
t=>
Something different: as non superuser I get this error when restricting
a type I don't own:
t=> revoke all on type int2 from public;
ERROR: unrecognized objkind: 6
My current time is limited but I will be able to look more at the patch
in a few more days.
regards,
Yeb Havinga
From | Date | Subject | |
---|---|---|---|
Next Message | Merlin Moncure | 2011-12-02 16:16:17 | Re: Java LISTEN/NOTIFY client library work-around |
Previous Message | Bruce Momjian | 2011-12-02 15:56:57 | pg_upgrade and regclass |