Home > mailing lists

Re: RLS bug in expanding security quals - Mailing list pgsql-hackers

From	Dean Rasheed
Subject	Re: RLS bug in expanding security quals
Date	October 8, 2015 19:50:17
Msg-id	CAEZATCUYtfH8KiyDfE-mAagfAHLPS=z_MXSwBAeo9MkmHPrJ9Q@mail.gmail.com Whole thread Raw
In response to	Re: RLS bug in expanding security quals (Dean Rasheed <dean.a.rasheed@gmail.com>)
Responses	Re: RLS bug in expanding security quals (Haribabu Kommi <kommi.haribabu@gmail.com>) Re: RLS bug in expanding security quals (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On 8 October 2015 at 15:05, Dean Rasheed <dean.a.rasheed@gmail.com> wrote:
> Attached is a simple patch that appears to work, but it needs more
> testing (and some regression tests).
>

Here's an updated patch with an extra regression test case that
triggers the issue.

I've also updated the function comment for expand_security_quals() to
better explain the situations where it actually has work to do --
tables with RLS and updates to auto-updatable security barrier views,
but not SELECTs from security berrier views. This explains why this
bug doesn't affect security barrier views (UNION ALL views aren't
auto-updatable), so only 9.5 and HEAD need to be patched.

Regards,
Dean

Attachment

rls-bug.patch

pgsql-hackers by date:

From: David Christensen
Date: 08 October 2015, 19:43:14
Subject: Re: [PATCH] Teach Catalog.pm how many attributes there should be per DATA() line

From: Nathan Wagner
Date: 08 October 2015, 20:11:27
Subject: Re: bugs and bug tracking

Re: RLS bug in expanding security quals - Mailing list pgsql-hackers

Attachment

Previous

Next