(2010/11/30 21:26), Simon Riggs wrote: > On Mon, 2010-11-29 at 21:37 -0500, Josh Kupershmidt wrote: > >> I still see little reason to make LOCK TABLE permissions different for >> column-level vs. table-level UPDATE privileges > > Agreed. > > This is the crux of the debate. Why should this inconsistency be allowed > to continue? > > Are there covert channel issues here, KaiGai? > Existing database privilege mechanism (and SELinux, etc...) is not designed to handle covert channel attacks, basically. For example, if a user session with column-level UPDATE privilege tries to update a certain column for each seconds depending on the contents of other table X, other session can probably know the contents of table X using iteration of LOCK command without SELECT permission. It is a typical timing channel attack, but it is not a problem that we should try to tackle, is it?
Sorry, I don't have a credible idea to solve this inconsistency right now. Thanks, -- KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
