Privilege checks on array coercions

Started by Tom Lane, almost 9 years ago (3 messages)
#1 Tom Lane
tgl@sss.pgh.pa.us

There is a test in privileges.sql (currently lines 589-625 in
privileges.out) that seems to be dependent on the fact that the
ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
per-element type coercion function if it's dealing with a NULL input
array.

While fooling with Andres' faster-expressions patch, I moved the
pg_proc_aclcheck call for this into expression compilation, causing
that privileges.sql test to fail.

Since Andres' patch moves ACL checks for regular function calls into
expression compilation, I think it would be weird and inconsistent not
to do so for ArrayCoerceExpr as well. Does anyone want to defend this
privileges test case as testing for some behavior that users expect?

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
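
A simplified C model of the ordering issue raised in the message above, added here as an illustration; it is not PostgreSQL source or code from the thread. All type and function names are hypothetical, `caller_may_execute` stands in for the result of `pg_proc_aclcheck`, and placing the NULL short-circuit ahead of the check is an assumption about why a NULL array skips it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not a PostgreSQL symbol. */
typedef struct {
    bool caller_may_execute;  /* stands in for the pg_proc_aclcheck result */
    int  acl_checks;          /* number of times the ACL was consulted */
    long (*fn)(int);          /* per-element coercion function */
} CoerceFunc;
typedef enum { COERCE_OK, COERCE_DENIED } CoerceStatus;

static long int_to_long(int v) { return (long) v; }
static bool acl_ok(CoerceFunc *f) { f->acl_checks++; return f->caller_may_execute; }

/* Shared element loop; in == NULL models a NULL input array. */
static void run_elements(const CoerceFunc *f, const int *in, size_t n, long *out)
{
    for (size_t i = 0; in != NULL && i < n; i++)
        out[i] = f->fn(in[i]);
}

/* Execution-time check: the NULL short-circuit runs before the ACL lookup. */
CoerceStatus coerce_check_at_exec(CoerceFunc *f, const int *in, size_t n, long *out)
{
    if (in == NULL)
        return COERCE_OK;            /* NULL in, NULL out; ACL never consulted */
    if (!acl_ok(f))
        return COERCE_DENIED;
    run_elements(f, in, n, out);
    return COERCE_OK;
}

/* Compile-time check: permission is tested once, before any data is seen. */
CoerceStatus coerce_check_at_compile(CoerceFunc *f, const int *in, size_t n, long *out)
{
    if (!acl_ok(f))
        return COERCE_DENIED;        /* fails even when the array is NULL */
    run_elements(f, in, n, out);
    return COERCE_OK;
}

int main(void)
{
    CoerceFunc f = { false, 0, int_to_long };  /* constructed: EXECUTE revoked */
    printf("NULL array: exec-time=%d compile-time=%d\n",
           coerce_check_at_exec(&f, NULL, 0, NULL), coerce_check_at_compile(&f, NULL, 0, NULL));
    return 0;
}
```

With the check at execution time, whether the statement fails depends on the data; with the check at compile time, it depends only on the caller's privileges.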

#2 Andres Freund
andres@anarazel.de
In reply to: Tom Lane (#1)
Re: Privilege checks on array coercions

On 2017-03-23 15:26:51 -0400, Tom Lane wrote:

> There is a test in privileges.sql (currently lines 589-625 in
> privileges.out) that seems to be dependent on the fact that the
> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
> per-element type coercion function if it's dealing with a NULL input
> array.
>
> While fooling with Andres' faster-expressions patch, I moved the
> pg_proc_aclcheck call for this into expression compilation, causing
> that privileges.sql test to fail.
>
> Since Andres' patch moves ACL checks for regular function calls into
> expression compilation, I think it would be weird and inconsistent not
> to do so for ArrayCoerceExpr as well. Does anyone want to defend this
> privileges test case as testing for some behavior that users expect?

Not me - that seems quite sensible to change.

Andres


#3 Jim Nasby
jim@nasby.net
In reply to: Andres Freund (#2)
Re: Privilege checks on array coercions

On 3/23/17 12:37 PM, Andres Freund wrote:

> On 2017-03-23 15:26:51 -0400, Tom Lane wrote:
>
>> There is a test in privileges.sql (currently lines 589-625 in
>> privileges.out) that seems to be dependent on the fact that the
>> ArrayCoerceExpr logic doesn't check for EXECUTE privilege on the
>> per-element type coercion function if it's dealing with a NULL input
>> array.

...

>> Does anyone want to defend this
>> privileges test case as testing for some behavior that users expect?
>
> Not me - that seems quite sensible to change.

I'd even argue that existing behavior is a bug.
--
Jim C. Nasby, Data Architect jim@nasby.net
512.569.9461 (cell) http://jim.nasby.net
