| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE. |
| Date: | 2017-11-06 09:24:03 |
| Message-ID: | E1eBddT-00046t-Mz@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Always require SELECT permission for ON CONFLICT DO UPDATE.
The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.
In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).
Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.
Security: CVE-2017-15099
Branch
------
REL9_6_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/1f23d1cd21ed46dba882729bedd9c40b71995989
Modified Files
--------------
src/backend/catalog/pg_constraint.c | 98 +++++++++++++++++++++++++++++++
src/backend/parser/parse_clause.c | 21 ++++++-
src/backend/rewrite/rowsecurity.c | 20 ++++++-
src/include/catalog/pg_constraint_fn.h | 2 +
src/test/regress/expected/privileges.out | 16 ++++-
src/test/regress/expected/rowsecurity.out | 15 ++++-
src/test/regress/sql/privileges.sql | 19 +++++-
src/test/regress/sql/rowsecurity.sql | 14 ++++-
8 files changed, 194 insertions(+), 11 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Noah Misch | 2017-11-06 15:12:49 | pgsql: start-scripts: switch to $PGUSER before opening $PGLOG. |
| Previous Message | Noah Misch | 2017-11-06 03:03:54 | pgsql: Add a temp-install prerequisite to "check"-like targets not havi |