>
> On Wed, 7 Jan 1998, Thomas G. Lockhart wrote:
>
> > Are there any maintenance operations which require a "delete from pg_xxx"? If
> > not, then we could just modify the parser (or the executor?) to check the table
> > name and not allow insert/delete from any table whose name starts with "pg_". Had
> > to ask, although I'm sure this is too easy to actually work :)
>
> As long as what you are suggesting doesn't break "drop database", "drop
> table", "drop view"...I realize that this is obvious, but...
Good point. Yes it does. dbcommands.c and user.c both do direct calls
to pg_exec to pass everything into the parser, optimizer, and executor.
The real fix is to do things like copy.c does, by directly calling the C
routines and making the desired changes there. Or to have some global
flag that says "Backend performed the rights test, let this SQL
succeed." That may be cleaner. Table access rights are tested in just
one function, I think.
We still have the pg_user.passwd problem, and pg_user is not readable by
general users. I can't think of a fix for this.
--
Bruce Momjian
maillist@candle.pha.pa.us