diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2002-01-03 23:21:32 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2002-01-03 23:21:32 +0000 |
| commit | dc6b4deb9717a9f03b2f93baca9f93f13786e26b (patch) | |
| tree | 586c04579f3337cc8fdbbc342eefbb0bdf21e607 /src/backend/commands/command.c | |
| parent | d02f0aaa3b7313cabd9e64deb34ab630832730ce (diff) | |
| download | postgresql-dc6b4deb9717a9f03b2f93baca9f93f13786e26b.tar.gz postgresql-dc6b4deb9717a9f03b2f93baca9f93f13786e26b.zip | |
Require ownership permission for CREATE INDEX, per bug report.
Disallow CREATE INDEX on system catalogs, non-tables (views, sequences, etc).
Disallow CREATE/DROP TRIGGER on system catalogs, non-tables.
Disallow ALTER TABLE ADD/DROP CONSTRAINT on system catalogs.
Disallow FOREIGN KEY reference to non-table.
None of these things can actually work in the present system structure,
but the code was letting them pass without complaint.
Diffstat (limited to 'src/backend/commands/command.c')
| -rw-r--r-- | src/backend/commands/command.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/src/backend/commands/command.c b/src/backend/commands/command.c index cab60421e6a..646511eb18d 100644 --- a/src/backend/commands/command.c +++ b/src/backend/commands/command.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.151 2001/12/04 17:19:48 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/Attic/command.c,v 1.152 2002/01/03 23:19:30 tgl Exp $ * * NOTES * The PerformAddAttribute() code, like most of the relation @@ -716,6 +716,7 @@ AlterTableAlterColumnStatistics(const char *relationName, Relation attrelation; HeapTuple tuple; + /* we allow this on system tables */ #ifndef NO_SECURITY if (!pg_ownercheck(GetUserId(), relationName, RELNAME)) elog(ERROR, "ALTER TABLE: permission denied"); @@ -1190,6 +1191,9 @@ AlterTableAddConstraint(char *relationName, Oid myrelid; List *listptr; + if (!allowSystemTableMods && IsSystemRelationName(relationName)) + elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog", + relationName); #ifndef NO_SECURITY if (!pg_ownercheck(GetUserId(), relationName, RELNAME)) elog(ERROR, "ALTER TABLE: permission denied"); @@ -1506,6 +1510,9 @@ AlterTableDropConstraint(const char *relationName, Relation rel; int deleted; + if (!allowSystemTableMods && IsSystemRelationName(relationName)) + elog(ERROR, "ALTER TABLE: relation \"%s\" is a system catalog", + relationName); #ifndef NO_SECURITY if (!pg_ownercheck(GetUserId(), relationName, RELNAME)) elog(ERROR, "ALTER TABLE: permission denied"); @@ -1886,9 +1893,7 @@ needs_toast_table(Relation rel) } /* - * * LOCK TABLE - * */ void LockTableCommand(LockStmt *lockstmt) |