From: Kirill Yukhin <kyukhin@tarantool.org>
To: "n.pettik" <korablev@tarantool.org>
Cc: tarantool-patches@freelists.org
Subject: [tarantool-patches] Re: [PATCH] sql: check read access while executing SQL query
Date: Fri, 12 Oct 2018 14:41:09 +0300 [thread overview]
Message-ID: <20181012114109.fdvmjko63x2zpdlh@tarantool.org> (raw)
In-Reply-To: <4D536713-510B-4F25-9455-F4090A29AF67@tarantool.org>
Hello Nikita,
Thanks a lot for review! My answers inlined.
Re-factored patchset send as new thread. Branch force-pushed.
On 11 Oct 14:32, n.pettik wrote:
>
> > Since SQL front-end is not using box API,
> > no checkes for read access are performed by VDBE engine.
> > Fix this by introducing dedicated opcode which is executed
>
> But in your patch I don’t see any new opcodes.
Fixed comment.
> > to perform read access check.
> > Note, that there's is no need to perform DML/DDL checkes as
> > they're performed by Tarantool's core.
> >
> > Closes #2362
>
> Please, provide doc-bot request (especially taking into consideration
> the fact that ‘read’ privilege turns out to be not real ’select’ privilege).
Done.
> > +box.sql.execute("PRAGMA sql_default_engine='"..engine.."'")
> > +box.sql.execute("CREATE TABLE t1 (s1 INT PRIMARY KEY, s2 INT UNIQUE);")
> > +box.sql.execute("CREATE TABLE t2 (s1 INT PRIMARY KEY);")
> > +box.sql.execute("INSERT INTO t1 VALUES (1, 1);")
> > +box.sql.execute("INSERT INTO t2 VALUES (1);")
> > +
> > +box.schema.user.grant('guest','read', 'space', '_space’)
>
> Hmm, why do you need to grand read privilege to _space?
> Without it test fails:
>
> error: 'Failed to execute SQL statement: no such table: T1’
>
> I guess somewhere in SQL internals invocation to _space appears to fetch space,
> but , it is not obvious. Can you come up with any workaround to avoid it?
>
> Another problem is:
>
> box.schema.user.revoke('guest’,'read', 'space', 'T1')
> box.schema.user.grant('guest’,’write', 'space', 'T1')
> c:execute("delete from t1 where s1 = 1;”)
> ---
> - error: 'Failed to execute SQL statement: Read access to space ''T1'' is denied for
> user ''guest'''
> ...
>
> In terms of Tarantool, it is OK (since we need to iterate through the space to find
> tuple to be deleted). But for SQL I guess it is not acceptable: this query doesn’t
> give user any data, so read (i.e. SELECT) privilege is not needed.
> The same for example involving FK constraints which you provided below.
I've refactored space pointer retrival mechanism. It is now used space name ->
pointer hash table w/o any access checks. Actual checks are only performed when
iterator op-code is executed.
--
Regards, Kirill Yukhin
next prev parent reply other threads:[~2018-10-12 11:41 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-11 8:53 [tarantool-patches] " Kirill Yukhin
2018-10-11 11:32 ` [tarantool-patches] " n.pettik
2018-10-12 11:41 ` Kirill Yukhin [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-08-17 17:05 [tarantool-patches] " Kirill Yukhin
2018-08-17 17:59 ` [tarantool-patches] " Kirill Yukhin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181012114109.fdvmjko63x2zpdlh@tarantool.org \
--to=kyukhin@tarantool.org \
--cc=korablev@tarantool.org \
--cc=tarantool-patches@freelists.org \
--subject='[tarantool-patches] Re: [PATCH] sql: check read access while executing SQL query' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox