[BUGS] BUG #1937: Parts of information_schema only accessible to owner

mailing.database.pgsql-bugs

#1 Tony Marston, 10-04-2005, 09:42 AM

The following bug has been logged online:

Bug reference: 1937
Logged by: Tony Marston
Email address: tony (AT) marston-home (DOT) demon.co.uk
PostgreSQL version: 8.0.3
Operating system: Windows XP
Description: Parts of information_schema only accessible to owner
Details:

I have been trying to access parts of the information_schema as an ordinary
user, not as owner, and I am encountering instances where I cannot retrieve
any rows at all, or where some of the columns are empty when they should not
be.

This sounds like a faulty implementation to me, with too many restrictions.
As far as I am concerned if I have access privileges on an object then I
should be able to see ALL information_schema details regarding that object.
Being able to view data in the information_schema does not give me the
ability to do anything that is not already permitted in the privileges
system, so why is access to such data being blocked?

As an example, in the view "information_schema.columns" I can only see the
entry in COLUMN_DEFAULT if I am the owner. Why is this? What is the logic
behind this decision? What possible security breach is blocked by withholding
this information?

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

#2 Peter Eisentraut, 10-04-2005, 10:13 AM

On Tuesday, 4 October 2005 14:58, Tony Marston wrote:
> As an example, in the view "information_schema.columns" I can only see the
> entry in COLUMN_DEFAULT if I am the owner. Why is this?

Because the SQL standard says so.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

#3 Jim C. Nasby, 10-04-2005, 11:50 AM

You might want to use http://pgfoundry.org/projects/newsysviews/
instead. We've also talked about changing our naming to come more
in-line with information schema.

--
Jim C. Nasby, Sr. Engineering Consultant jnasby (AT) pervasive (DOT) com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

#4 Peter Eisentraut, 10-08-2005, 12:29 PM

Tony Marston wrote:
> I have searched through the SQL 2003 standard and can find no such
> restriction. In the volume titled "Information and Definition Schemas
> (SQL/Schemata)" in section 5.20 (INFORMATION_SCHEMA.COLUMNS view) it
> states the following under the heading "Function":
>
> "Identify the columns of tables defined in this catalog that are
> accessible to a given user or role."

The information schema currently follows SQL 1999. Interestingly, the
requirement to "blank out" the column defaults of non-owned tables was
apparently dropped in SQL 2003. Clearly, we need to review the
information schema for SQL 2003 conformance.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

#5 Tony Marston, 10-08-2005, 02:50 PM

> -----Original Message-----
> From: Stephan Szabo [mailto:sszabo (AT) megazone (DOT) bigpanda.com]
> Sent: 08 October 2005 16:44
> To: Tony Marston
> Subject: RE: [BUGS] BUG #1937: Parts of information_schema only accessible to owner
>
> On Sat, 8 Oct 2005, Tony Marston wrote:
>
> > I have searched through the SQL 2003 standard and can find no such
> > restriction. In the volume titled "Information and Definition Schemas
> > (SQL/Schemata)" in section 5.20 (INFORMATION_SCHEMA.COLUMNS view) it
> > states the following under the heading "Function":
> >
> > "Identify the columns of tables defined in this catalog that are
> > accessible to a given user or role."
> >
> > Note there that it does not say that the user must be the owner, but
> > that the user is allowed to access the table (i.e. has access
> > privileges).
> >
> > I take this to mean (as any reasonable person would) that if a user
> > has been granted the privileges to access an object then that same user
> > can view all the information on that object which is defined within
> > the information schema.
> >
> > Unless you can provide a direct quote from the SQL standard which
> > contradicts this I strongly suggest that you revise your opinion.
>
> What I gave was *directly* part of the definition of the view from the
> standard:
>
> CASE WHEN EXISTS ( SELECT *
>                    FROM DEFINITION_SCHEMA.SCHEMATA AS S
>                    WHERE ( TABLE_CATALOG, TABLE_SCHEMA )
>                        = (S.CATALOG_NAME, S.SCHEMA_NAME )
>                      AND SCHEMA_OWNER = USER )
>      THEN COLUMN_DEFAULT
>      ELSE NULL
> END AS COLUMN_DEFAULT,
>
> I think any "reasonable person" would read the definition portion above
> from that view and interpret that as give the column default if the
> table the column is in came from a schema that is owned by USER
> otherwise give NULL.

I disagree. The function description in the SQL 1999 standard says "Identify
the columns of tables defined in this catalog that are accessible to a given
user." It is clear that the actual code sample given does not conform to
this description, so I would argue that the code is wrong and the
description is right. Any reasonable person would assume that the code
sample would conform to the description. After all, the description does not
say "except for those items where the user must also be the owner".

Tony Marston

http://www.tonymarston.net




#6 Tony Marston, 10-08-2005, 02:53 PM

> -----Original Message-----
> From: Stephan Szabo [mailto:sszabo (AT) megazone (DOT) bigpanda.com]
> Sent: 08 October 2005 18:01
> To: Tony Marston
> Cc: pgsql-bugs (AT) postgresql (DOT) org
> Subject: RE: [BUGS] BUG #1937: Parts of information_schema only accessible to owner
>
> On Sat, 8 Oct 2005, Tony Marston wrote:
>
> > I disagree. The function description in the SQL 1999 standard says
> > "Identify the columns of tables defined in this catalog that are
> > accessible to a given user." It is clear that the actual code sample
> > given does not conform to this description, so I would argue that the
> > code is wrong and the description is right. Any reasonable person
> > would assume that the code sample would conform to the description.
> > After all, the description does not say "except for those items where
> > the user must also be the owner".
>
> If there's two items:
> "Function" with a description and "Definition" with a definition, I
> think it's fairly ignorant to read the former as overriding the
> latter. The latter *is* the definition.

Yes, but if the sample code disagrees with the description shouldn't you at
least ask someone in authority which one is right? Shouldn't you ask WHY
some parts of the information schema should only be accessible if you are
the owner when 99% of the information schema does NOT have this restriction?
Nowhere in any function descriptions does it say that the user must be the
owner, so clearly whoever wrote the sample code made a minor mistake, and
you are perpetuating that mistake. Which is the most logical answer? Any
user with privileges or no-one but the owner? If you were to ask 10
different developers for their opinion on this subject how many would agree
with you and how many would agree with me?

Tony Marston

http://www.tonymarston.net




#7 Tom Lane, 10-08-2005, 03:52 PM

Peter Eisentraut <peter_e (AT) gmx (DOT) net> writes:
> The information schema currently follows SQL 1999. Interestingly, the
> requirement to "blank out" the column defaults of non-owned tables was
> apparently dropped in SQL 2003. Clearly, we need to review the
> information schema for SQL 2003 conformance.

Yeah. Not only that, but they changed the WHERE clause: where formerly
it restricted you to seeing tables you own, it now allows you to see
anything you have any granted privileges on. SQL99 reads

WHERE (C.TABLE_CATALOG, C.TABLE_SCHEMA, C.TABLE_NAME, C.COLUMN_NAME) IN
      (SELECT TABLE_CATALOG, TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME
       FROM DEFINITION_SCHEMA.COLUMN_PRIVILEGES
       WHERE (SCHEMA_OWNER IN ( 'PUBLIC', CURRENT_USER )
              OR
              SCHEMA_OWNER IN ( SELECT ROLE_NAME FROM ENABLED_ROLES )))

but what I see in 2003 is

WHERE (C.TABLE_CATALOG, C.TABLE_SCHEMA, C.TABLE_NAME, C.COLUMN_NAME) IN
      (SELECT CP.TABLE_CATALOG, CP.TABLE_SCHEMA, CP.TABLE_NAME, CP.COLUMN_NAME
       FROM DEFINITION_SCHEMA.COLUMN_PRIVILEGES AS CP
       WHERE (CP.GRANTEE IN ( 'PUBLIC', CURRENT_USER )
              OR
              CP.GRANTEE IN ( SELECT ROLE_NAME FROM ENABLED_ROLES )))

Probably there are similar changes in other views.

Not sure if there's time to do this for 8.1 ... I don't really have time
to grovel through it, do you?

regards, tom lane
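
Added example, not part of the original thread and not PostgreSQL's or the standard's own code: a small SQLite model of the two behaviours discussed above, combining the grantee-based row filter from the SQL:2003 text with and without the owner-only COLUMN_DEFAULT mask quoted earlier in the thread. The `def_*` tables, the users `alice` and `bob`, and the `:me` parameter (standing in for USER / CURRENT_USER) are assumptions; ENABLED_ROLES and the catalog name are left out.

```python
import sqlite3

# Constructed toy catalog standing in for DEFINITION_SCHEMA (hypothetical
# table names, not PostgreSQL's real catalogs). alice owns schema "app".
SETUP = """
CREATE TABLE def_schemata (schema_name TEXT, schema_owner TEXT);
CREATE TABLE def_columns (table_schema TEXT, table_name TEXT,
                          column_name TEXT, column_default TEXT);
CREATE TABLE def_column_privileges (grantee TEXT, table_schema TEXT,
                                    table_name TEXT, column_name TEXT);
INSERT INTO def_schemata VALUES ('app', 'alice');
INSERT INTO def_columns VALUES
  ('app', 'orders', 'id', 'nextval(''orders_id_seq'')'),
  ('app', 'orders', 'status', '''new'''),
  ('app', 'audit', 'note', NULL);
INSERT INTO def_column_privileges VALUES
  ('bob', 'app', 'orders', 'id'),
  ('PUBLIC', 'app', 'orders', 'status'),
  ('alice', 'app', 'orders', 'id'),
  ('alice', 'app', 'orders', 'status'),
  ('alice', 'app', 'audit', 'note');
"""

# Row filter modelled on the SQL:2003 WHERE clause: a column is listed for
# any grantee (directly or via PUBLIC), not only for the owner.
VISIBLE = """
EXISTS (SELECT 1 FROM def_column_privileges cp
        WHERE cp.table_schema = c.table_schema
          AND cp.table_name = c.table_name
          AND cp.column_name = c.column_name
          AND cp.grantee IN ('PUBLIC', :me))
"""

# Projection modelled on the quoted CASE expression: the default is blanked
# out unless :me owns the schema the table lives in.
MASKED = """
CASE WHEN EXISTS (SELECT 1 FROM def_schemata s
                  WHERE s.schema_name = c.table_schema
                    AND s.schema_owner = :me)
     THEN c.column_default ELSE NULL END
"""

def make_catalog():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn

def columns_view(conn, me, mask_defaults):
    """Return {(table, column): default} as user `me` would see it."""
    default_expr = MASKED if mask_defaults else "c.column_default"
    sql = (f"SELECT c.table_name, c.column_name, {default_expr} "
           f"FROM def_columns c WHERE {VISIBLE} ORDER BY 1, 2")
    return {(t, col): d for t, col, d in conn.execute(sql, {"me": me})}

if __name__ == "__main__":
    conn = make_catalog()
    for user in ("alice", "bob"):
        for mask in (True, False):
            print(user, "owner-masked" if mask else "unmasked",
                  columns_view(conn, user, mask))
```

With the mask removed, any role holding a column privilege reads the full default expression, so a default should not embed a value meant only for the table owner.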

#8 Tony Marston, 10-09-2005, 05:11 AM

> -----Original Message-----
> From: Peter Eisentraut [mailto:peter_e (AT) gmx (DOT) net]
> Sent: 08 October 2005 14:09
> To: Tony Marston
> Cc: pgsql-bugs (AT) postgresql (DOT) org
> Subject: Re: [BUGS] BUG #1937: Parts of information_schema only accessible to owner
>
> Please copy replies to the mailing list.
>
> Tony Marston wrote:
> > I have searched through the SQL 2003 standard and can find no such
> > restriction. In the volume titled "Information and Definition Schemas
> > (SQL/Schemata)" in section 5.20 (INFORMATION_SCHEMA.COLUMNS view) it
> > states the following under the heading "Function":
> >
> > "Identify the columns of tables defined in this catalog that are
> > accessible to a given user or role."
>
> The information schema currently follows SQL 1999. Interestingly, the
> requirement to "blank out" the column defaults of non-owned tables was
> apparently dropped in SQL 2003. Clearly, we need to review the
> information schema for SQL 2003 conformance.

In the meantime I have amended my version of the INFORMATION_SCHEMA.COLUMNS
view to conform to the 2003 standard, so this is now a non-problem for me. I
just thought that I should bring this discrepancy between the 1999 and 2003
standards to your attention.

Tony Marston

http://www.tonymarston.net




#9 Peter Eisentraut, 10-09-2005, 11:41 AM

Tom Lane wrote:
> Probably there are similar changes in other views.
>
> Not sure if there's time to do this for 8.1 ... I don't really have
> time to grovel through it, do you?

I don't think it's reasonable to do this for 8.1. There are probably
several conceptual changes across the board that need to be attacked as
a whole.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/

#10 Peter Eisentraut, 10-09-2005, 11:44 AM

Tony Marston wrote:
> I disagree. The function description in the SQL 1999 standard says
> "Identify the columns of tables defined in this catalog that are
> accessible to a given user." It is clear that the actual code sample
> given does not conform to this description,

First of all, the current implementation certainly "identifies" all the
desired columns, because you can clearly get the "identity" of all
columns from that view.

Moreover, the functional description does not say anything about the
details of the view, leaving that to the formal definition below. If
we followed your reading of the standard, the view would simply give
the names of the columns along with table and schema name and that's
all.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
