Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks

Поиск
Список
Период
Сортировка
От Vaishnavi Prabakaran
Тема Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks
Дата
Msg-id CAOoUkxSnENPbSzmVjsnC2Na-qpwNQ6wJTvqQW1uO8_cxfLghxA@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks  (Michael Paquier <michael.paquier@gmail.com>)
Ответы Re: [HACKERS] Simplify ACL handling for large objects and removal ofsuperuser() checks  (Michael Paquier <michael.paquier@gmail.com>)
Список pgsql-hackers
Дерево обсуждения
Hi,


On Mon, Aug 14, 2017, Michael Paquier <michael.paquier@gmail.com> wrote:
>Attached is a set of 3 patches:

I tried to review the patch and firstly patch applies cleanly without any noise.


>- 0001 removes ALLOW_DANGEROUS_LO_FUNCTIONS

I think it is better to remove "ALLOW_DANGEROUS_LO_FUNCTIONS" from pg_config_manual.h as well.


>- 0002 replaces the superuser checks with GRANT permissions
>- 0003 refactors the LO code to improve the ACL handling. Note that
>this patch introduces a more debatable change: now there is no
>distinction between INV_WRITE and INV_WRITE|INV_READ, as when
>INV_WRITE is used INV_READ is implied. The patch as proposed does a
>complete split of both permissions to give a system more natural and
>more flexible. The current behavior is documented. 

>@@ -163,22 +150,16 @@ lo_read(int fd, char *buf, int len)
> ....
> + if ((lobj->flags & IFS_RDLOCK) == 0)
>+ ereport(ERROR,
>+ (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
>+ errmsg("large object descriptor %d was not opened for reading",
>+ fd)));


Do we ever reach this error? Because per my understanding 

1) if the application didn't call lo_open before lo_read, then file descriptor validation in the beginning of this function should capture it. 

2) if the application called lo_open only with write mode should be able to read as well per documentation. 

Ok, in the inv_open(),  IFS_RDLOCK is set only when explicit READ mode is requested. So, it causes lo_read failure when large-object is opened in WRITE mode? I think documented behavior is more appropriate and post ACL checks for select and update permissions in inv_open(), IFS_RDLOCK flag should be set regardless of mode specified.

Thanks & Regards,
Vaishnavi,
Fujitsu Australia.

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Michael Paquier
Дата:
Сообщение: Re: [HACKERS] Setting pd_lower in GIN metapage
Следующее
От: Michael Paquier
Дата:
Сообщение: Re: [HACKERS] Rewriting the test of pg_upgrade as a TAP test