Re: [BUGS] Probably a security bug in PostgreSQL rule system

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: "Sergey N(dot) Yatskevich" <syatskevich(at)n21lab(dot)gosniias(dot)msk(dot)ru>, PostgreSQL-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: [BUGS] Probably a security bug in PostgreSQL rule system
Date: 2004-02-10 16:12:39
Message-ID: 15527.1076429559@sss.pgh.pa.us
Lists: pgsql-bugs pgsql-general

Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> Would someone comment on this?

This is fixed in CVS tip.

2004-01-13 22:39 tgl

* src/backend/rewrite/: rewriteHandler.c (REL7_3_STABLE),
rewriteHandler.c (REL7_4_STABLE), rewriteHandler.c: Revert
ill-starred change of 13-Feb-02: it appeared to fix a problem of
incorrect permissions checking, but in fact disabled most all
permissions checks for view updates. This corrects problems
reported by Sergey Yatskevich among others, at the cost of
re-introducing the problem previously reported by Tim Burgess.
However, since we'd lived with that problem for quite awhile
without knowing it, we can live with it awhile longer until a
proper fix can be made in 7.5.

2004-01-14 18:01 tgl

* src/: backend/commands/view.c, backend/executor/execMain.c,
backend/executor/nodeSubplan.c, backend/nodes/copyfuncs.c,
backend/nodes/equalfuncs.c, backend/nodes/outfuncs.c,
backend/nodes/readfuncs.c, backend/optimizer/path/allpaths.c,
backend/parser/analyze.c, backend/parser/parse_clause.c,
backend/parser/parse_relation.c, backend/rewrite/rewriteDefine.c,
backend/rewrite/rewriteHandler.c, include/catalog/catversion.h,
include/executor/executor.h, include/nodes/parsenodes.h,
include/parser/parse_clause.h, include/utils/acl.h: Fix
permission-checking bug reported by Tim Burgess 10-Feb-03 (this
time for sure...). Rather than relying on the query context of a
rangetable entry to identify what permissions it wants checked,
store a full AclMode mask in each RTE, and check exactly those
bits. This allows an RTE specifying, say, INSERT privilege on a
view to be copied into a derived UPDATE query without changing
meaning. Per recent discussion thread. initdb forced due to
change of stored rule representation.

regards, tom lane
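
Added example, not part of the original message and not PostgreSQL source code: a toy C model of the idea in the second commit message, comparing a privilege check inferred from the enclosing query with one that checks exactly the mask stored in the entry. `ToyRTE`, the `PRIV_*` bits, `needed_from_context`, `needed_from_mask` and `allowed` are hypothetical names, and the context-based rule is a simplification assumed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy privilege bits and command tags, constructed for this example. */
typedef uint32_t AclMode;
#define PRIV_SELECT (1u << 0)
#define PRIV_INSERT (1u << 1)
#define PRIV_UPDATE (1u << 2)
typedef enum { CMD_SELECT, CMD_INSERT, CMD_UPDATE } CmdType;

/* Toy rangetable entry (hypothetical layout, not PostgreSQL's struct). */
typedef struct {
    int     is_target;  /* result relation of the query it was parsed in */
    AclMode required;   /* exact privilege bits recorded at parse time */
} ToyRTE;

/* Context-based: derive the privilege from the query the RTE sits in now. */
AclMode needed_from_context(const ToyRTE *rte, CmdType enclosing)
{
    if (!rte->is_target || enclosing == CMD_SELECT)
        return PRIV_SELECT;
    return enclosing == CMD_INSERT ? PRIV_INSERT : PRIV_UPDATE;
}

/* Mask-based: the enclosing query is irrelevant, the stored bits decide. */
AclMode needed_from_mask(const ToyRTE *rte)
{
    return rte->required;
}

/* Access is allowed only if every needed bit has been granted. */
int allowed(AclMode granted, AclMode needed)
{
    return (granted & needed) == needed;
}

int main(void)
{
    /* Parsed as the target of an INSERT on view v, then copied by a
       rewrite into a derived UPDATE query. */
    ToyRTE v = { 1, PRIV_INSERT };
    AclMode ctx = needed_from_context(&v, CMD_UPDATE);
    AclMode msk = needed_from_mask(&v);
    printf("INSERT-only user: context=%d mask=%d\n",
           allowed(PRIV_INSERT, ctx), allowed(PRIV_INSERT, msk));
    printf("UPDATE-only user: context=%d mask=%d\n",
           allowed(PRIV_UPDATE, ctx), allowed(PRIV_UPDATE, msk));
    return 0;
}
```

In this model the context-based check changes meaning once the entry is copied: it rejects the user who holds the INSERT privilege that was originally required and accepts a user who holds only UPDATE, while the stored mask gives the same answer wherever the entry ends up.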
