Quick Links

Re: copy.c handling for RLS is insecure

From:	Andres Freund <andres(at)anarazel(dot)de>
To:	Noah Misch <noah(at)leadboat(dot)com>
Cc:	Stephen Frost <sfrost(at)snowman(dot)net>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: copy.c handling for RLS is insecure
Date:	2015-07-09 08:41:48
Message-ID:	20150709084148.GU10242@alap3.anarazel.de
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 2015-07-09 01:28:28 -0400, Noah Misch wrote:
> > - Keep the OID check, shouldn't hurt to have it
>
> What benefit is left?

A bit of defense in depth. We execute user defined code in COPY
(e.g. BEFORE triggers). That user defined code could very well replace
the relation. Now I think right now that'd happen late enough, so the
second lookup already happened. But a bit more robust defense against
that sounds good to me.

In response to

Re: copy.c handling for RLS is insecure at 2015-07-09 05:28:28 from Noah Misch

Responses

Re: copy.c handling for RLS is insecure at 2015-07-09 21:21:41 from Stephen Frost

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	David Rowley	2015-07-09 09:44:11	Re: Sharing aggregate states between different aggregate functions
Previous Message	Peter Geoghegan	2015-07-09 08:10:23	Re: Further issues with jsonb semantics, documentation