[HACKERS] Interest in a SECURITY DEFINER function current_user stackaccess mechanism?
| От | Nico Williams | 
|---|---|
| Тема | [HACKERS] Interest in a SECURITY DEFINER function current_user stackaccess mechanism? | 
| Дата | |
| Msg-id | 20171018200110.GA4496@localhost обсуждение исходный текст | 
| Ответы | Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism? Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism? Re: [HACKERS] Interest in a SECURITY DEFINER function current_userstack access mechanism? | 
| Список | pgsql-hackers | 
It'd be nice if SECURITY DEFINER functions could see what user invoked them, but current_user is the DEFINER user, naturally, since that's how this is done in fmgr_security_definer(). I was thinking that fmgr_security_definer() could keep a global pointer to a linked list (with automatic nodes) of the save_userid values. Then we could have a SQL function for accessing these, something like pg_current_user(level int) returning text, where level 0 is current_user, level 1 is "the previous current_user in the stack", and so on, returning null when level is beyond the top-level. This seems like a simple, small, easy patch, and since I [think I] need it I suspect others probably do as well. Thoughts? Nico -- -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
В списке pgsql-hackers по дате отправления: