| From: | Alexander Korotkov <akorotkov(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Add permission check for MERGE/SPLIT partition operations |
| Date: | 2024-05-12 21:00:38 |
| Message-ID: | E1s6GJB-000gO0-4u@gemulon.postgresql.org |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Add permission check for MERGE/SPLIT partition operations
Currently, we check only owner permission for the parent table before
MERGE/SPLIT partition operations. This leads to a security hole when users
can get access to the data of partitions without permission. This commit
fixes this problem by requiring owner permission on all the partitions
involved.
Reported-by: Alexander Lakhin
Discussion: https://postgr.es/m/0520c72e-8d97-245e-53f9-173beca2ab2e%40gmail.com
Author: Dmitry Koval, Alexander Korotkov
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/3ca43dbbb67fbfb96dec8de2e268b96790555148
Modified Files
--------------
src/backend/parser/parse_utilcmd.c | 5 ++++
src/test/regress/expected/partition_merge.out | 29 +++++++++++++++++++++++
src/test/regress/expected/partition_split.out | 29 +++++++++++++++++++++++
src/test/regress/sql/partition_merge.sql | 33 +++++++++++++++++++++++++++
src/test/regress/sql/partition_split.sql | 33 +++++++++++++++++++++++++++
5 files changed, 129 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2024-05-13 03:22:02 | Re: pgsql: Fix overread in JSON parsing errors for incomplete byte sequence |
| Previous Message | Thomas Munro | 2024-05-12 19:59:19 | pgsql: Skip citext_utf8 test on Windows. |