| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: more RLS oversights |
| Date: | 2015-02-09 21:10:51 |
| Message-ID: | 20150209211051.GX3854@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert,
* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> I happened to notice this morning while hacking that the
> "hasRowSecurity" fields added to PlannerGlobal and PlannedStmt have
> not been given proper nodefuncs.c support. Both need to be added to
> outfuncs.c, and the latter to copyfuncs.c. The latter omission may
> well be a security bug, although I haven't attempted to verify that,
> but fortunately this isn't released yet.
I saw this and will address it. Would be great if you wouldn't mind
CC'ing me directly on anything RLS-related, same as you CC'd me on the
column-privilege backpatch. I expect I'll probably notice anyway, but
I'll see them faster when I'm CC'd.
I agree that it's great that we're catching issues prior to when the
feature is released and look forward to anything else you (or anyone
else!) finds.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2015-02-09 21:16:31 | Re: sloppy back-patching of column-privilege leak |
| Previous Message | Stephen Frost | 2015-02-09 20:53:00 | Re: sloppy back-patching of column-privilege leak |