| From: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Perform RLS subquery checks as the right user when going via a v |
| Date: | 2019-04-02 07:31:44 |
| Message-ID: | E1hBDtY-0003xJ-BQ@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Perform RLS subquery checks as the right user when going via a view.
When accessing a table with RLS via a view, the RLS checks are
performed as the view owner. However, the code neglected to propagate
that to any subqueries in the RLS checks. Fix that by calling
setRuleCheckAsUser() for all RLS policy quals and withCheckOption
checks for RTEs with RLS.
Back-patch to 9.5 where RLS was added.
Per bug #15708 from daurnimator.
Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e2d28c0f404713f564dc2250646551c75172f17b
Modified Files
--------------
src/backend/rewrite/rowsecurity.c | 8 ++++++++
src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 26 ++++++++++++++++++++++++++
3 files changed, 61 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Etsuro Fujita | 2019-04-02 10:23:48 | pgsql: postgres_fdw: Perform the (ORDERED, NULL) upperrel operations re |
| Previous Message | Michael Paquier | 2019-04-02 02:04:53 | pgsql: Add progress reporting to pg_checksums |