| From: | Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: First draft of the PG 15 release notes |
| Date: | 2022-05-10 22:12:18 |
| Message-ID: | 95410A6D-BBDF-4B5C-B538-3D79F44199CD@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On May 10, 2022, at 8:44 AM, Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>
> I have completed the first draft of the PG 15 release notes and you can
> see the results here
Thanks, Bruce! This release note:
• Prevent logical replication into tables where the subscription owner is subject to the table's row-level security policies (Mark Dilger)
... should mention, independent of any RLS considerations, subscriptions are now applied under the privilege of the subscription owner. I don't think we can fit it in the release note, but the basic idea is that:
CREATE SUBSCRIPTION ... CONNECTION '...' PUBLICATION ... WITH (enabled = false);
ALTER SUBSCRIPTION ... OWNER TO nonsuperuser_whoever;
ALTER SUBSCRIPTION ... ENABLE;
can be used to replicate a subscription without sync or apply workers operating as superuser. That's the main advantage. Previously, subscriptions always ran with superuser privilege, which creates security concerns if the publisher is malicious (or foolish). Avoiding any unintentional bypassing of RLS was just a necessary detail to close the security loophole, not the main point of the security enhancement.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-05-10 22:46:26 | Re: configure openldap crash warning |
| Previous Message | Bruce Momjian | 2022-05-10 21:57:48 | Re: First draft of the PG 15 release notes |