Quick Links

Re: Bug: RLS policy FOR SELECT is used to check new rows

From:	Jeff Davis <pgsql(at)j-davis(dot)com>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>
Cc:	Stephen Frost <sfrost(at)snowman(dot)net>, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject:	Re: Bug: RLS policy FOR SELECT is used to check new rows
Date:	2023-10-24 17:43:21
Message-ID:	62c73a97e607ce46b989f8950c4ba3bc8c0d0535.camel@j-davis.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On Tue, 2023-10-24 at 11:59 -0400, Tom Lane wrote:
> I'm fairly sure that it was intentional, but I don't recall the
> reasoning; perhaps Stephen does. In any case, I grasp your point
> that maybe we should distinguish RETURNING from not-RETURNING cases.

Perhaps the idea is that if there are constraints involved, the failure
or success of an INSERT/UPDATE/DELETE could leak information that you
don't have privileges to read.

Regards,
Jeff Davis

In response to

Re: Bug: RLS policy FOR SELECT is used to check new rows at 2023-10-24 15:59:06 from Tom Lane

Responses

Re: Bug: RLS policy FOR SELECT is used to check new rows at 2023-10-24 18:42:19 from Robert Haas

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Robert Haas	2023-10-24 18:42:19	Re: Bug: RLS policy FOR SELECT is used to check new rows
Previous Message	Nathan Bossart	2023-10-24 17:04:51	Re: SLRU optimization - configurable buffer pool and partitioning the SLRU lock