(2009/12/18 6:38), Stephen Frost wrote:
> KaiGai,
>
> * KaiGai Kohei (kai...@ak.jp.nec.com) wrote:
>> The patch was not attached...
>
> This patch either does too much, or not enough.
>
> I would either leave the Assert() in-place as a double-check (I presume
> that's why it was there in the first place, and if that Assert() fails
> then our assumption about the permissions check being already done on
> the object in question would be wrong, since the check is done against
> the passed-in 'rel' and the assert is that 'rel' and 'ruletup->ev_class'
> are the same; if they're not, then we might need to do perms checking on
> ruletup->ev_class)
>
> Or
>
> Remove the now-unused variable eventRelationOid.
My preference is the later option, because the pg_rewrite entry to be
checked is fetched using RULERELNAME syscache which takes OID of the
relation and name of the rule.
If this Assert() failed, it implies syscache mechanism has problem,
not only integrity of pg_rewrite system catalog.
The attached patch is an revised one.
Thanks,
> Overall, I agree with removing this check as it's already done by
> ATSimplePermissions() and we don't double-check the permissions in the
> other things called through ATExecCmd() (though there are cases where
> specific commands have to do *additional* checks beyond what
> ATSimplePermissions() does.. it might be worth looking into what those
> are and thinking about if we should move/consolidate/etc them, or if it
> makes sense to leave them where they are).
>
> Thanks,
>
> Stephen
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
*** base/src/backend/rewrite/rewriteDefine.c (revision 2486)
--- base/src/backend/rewrite/rewriteDefine.c (working copy)
***************
*** 671,677 ****
{
Relation pg_rewrite_desc;
Oid owningRel = RelationGetRelid(rel);
- Oid eventRelationOid;
HeapTuple ruletup;
bool changed = false;
--- 671,676 ----
***************
*** 690,704 ****
rulename, get_rel_name(owningRel))));
/*
- * Verify that the user has appropriate permissions.
- */
- eventRelationOid = ((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_class;
- Assert(eventRelationOid == owningRel);
- if (!pg_class_ownercheck(eventRelationOid, GetUserId()))
- aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
- get_rel_name(eventRelationOid));
-
- /*
* Change ev_enabled if it is different from the desired new state.
*/
if (DatumGetChar(((Form_pg_rewrite) GETSTRUCT(ruletup))->ev_enabled) !=
--- 689,694 ----
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
