BUG #1114: REVOKE done by non-privileged user claims success
The following bug has been logged online:
Bug reference: 1114
Logged by: Oliver Elphick
Email address: olly@lfix.co.uk
PostgreSQL version: 7.4
Operating system: Debian Linux
Description: REVOKE done by non-privileged user claims success
Details:
When REVOKE is used on an object for which the current user does not have
GRANT privilege, the operation fails but "REVOKE" is returned as if it had
succeeded:
$ psql -U fred template1
template1=> revoke create on schema public from public;
REVOKE
(NB: this web interface at http://www.postgresql.org/bugform.html could do
with Pg version options for 7.3.6, 7.4.1 and 7.4.2).
"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes:
When REVOKE is used on an object for which the current user does not have
GRANT privilege, the operation fails but "REVOKE" is returned as if it had
succeeded:
Looking at the code, this seems to be intentional, because the privilege
check is not made for revokes only for grants:
if (stmt->is_grant
&& !pg_class_ownercheck(relOid, GetUserId())
&& pg_class_aclcheck(relOid, GetUserId(),
ACL_GRANT_OPTION_FOR(privileges)) != ACLCHECK_OK)
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, relvar->relname);
Peter, do you remember why you did it that way?
regards, tom lane
Tom Lane wrote:
Looking at the code, this seems to be intentional, because the
privilege check is not made for revokes only for grants:
Peter, do you remember why you did it that way?
I'm not really sure right now. It doesn't really make sense, does it?
Certainly, the SQL standard requires a privilege check on revoke.