public inbox for [email protected]
From: Tom Lane <[email protected]>
To: Dean Rasheed <[email protected]>
Cc: jian he <[email protected]>
Cc: pgsql-general list <[email protected]>
Subject: Re: security invoker review need full select (all columns) to do DML?
Date: Wed, 21 Aug 2024 10:39:44 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <CAEZATCVm+2Vr4ydMBZNGJuFNbH7YZOOXSEJ8JyjWeQ4J5xZ5zQ@mail.gmail.com>
References: <CACJufxG31b+LwmxHz6xw9Qr+qc3VgQaRdpiaGUoZFrf=NBu48g@mail.gmail.com>
<CAEZATCVm+2Vr4ydMBZNGJuFNbH7YZOOXSEJ8JyjWeQ4J5xZ5zQ@mail.gmail.com>

Dean Rasheed <[email protected]> writes:
> The user must have select permissions on all columns selected by the
> subquery/view, because we don't go through the outer query to check
> which columns are actually referred to. Now maybe we could, but I
> suspect that would be quite a lot of effort because you'd need to be
> sure that the column wasn't referred to anywhere in either the outer
> query or the subquery itself (e.g., in WHERE clauses, etc.).

I'd argue that we should check that permission regardless, and are
probably required to by the SQL spec. You don't normally get to
escape permission checks when bits of the query are optimized away.
(This is why permission checks are done on the range table not the
plan tree.)

regards, tom lane
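
The behaviour discussed in this message, as an added example that is not part of the original e-mail or the thread: a security invoker view whose query selects two columns, read by a role that holds a column-level grant on only one of them. The names `t`, `v` and `alice` are constructed for illustration, and the script assumes PostgreSQL 15 or later (for `security_invoker`) and a superuser session.

```sql
-- Constructed objects; run as a superuser on PostgreSQL 15+.
CREATE ROLE alice;
CREATE TABLE t (a int, b int, secret text);
INSERT INTO t VALUES (1, 2, 'x');

-- With security_invoker, access to t is checked as the calling role,
-- not as the view owner.
CREATE VIEW v WITH (security_invoker = true) AS
    SELECT a, b FROM t;

GRANT SELECT ON v TO alice;
GRANT SELECT (a) ON t TO alice;      -- column-level grant: a only

SET ROLE alice;
SELECT a FROM t;                     -- direct access to the granted column is allowed

-- Rejected with a permission error on t: the view's query selects a and b,
-- so both are recorded against t in the range table, even though the outer
-- query only asks for a and the planner could drop b.
SELECT a FROM v;
RESET ROLE;

-- Granting the remaining column the view selects satisfies the check.
GRANT SELECT (b) ON t TO alice;

SET ROLE alice;
SELECT a FROM v;                     -- now allowed
-- t.secret is not referenced by the view's query, so no grant on it is needed.
RESET ROLE;

-- Clean up the constructed objects.
DROP VIEW v;
DROP TABLE t;
DROP ROLE alice;
```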