[COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE. - Mailing list pgsql-committers

From Dean Rasheed
Subject [COMMITTERS] pgsql: Always require SELECT permission for ON CONFLICT DO UPDATE.
Date
Msg-id E1eBddT-00046p-Mk@gemulon.postgresql.org
Whole thread Raw
List pgsql-committers
Always require SELECT permission for ON CONFLICT DO UPDATE.

The update path of an INSERT ... ON CONFLICT DO UPDATE requires SELECT
permission on the columns of the arbiter index, but it failed to check
for that in the case of an arbiter specified by constraint name.

In addition, for a table with row level security enabled, it failed to
check updated rows against the table's SELECT policies when the update
path was taken (regardless of how the arbiter index was specified).

Backpatch to 9.5 where ON CONFLICT DO UPDATE and RLS were introduced.

Security: CVE-2017-15099

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/87b2ebd352c4afe1ded0841604b59a3afbae97d1

Modified Files
--------------
src/backend/catalog/pg_constraint.c       | 98 +++++++++++++++++++++++++++++++
src/backend/parser/parse_clause.c         | 21 ++++++-
src/backend/rewrite/rowsecurity.c         | 20 ++++++-
src/include/catalog/pg_constraint_fn.h    |  2 +
src/test/regress/expected/privileges.out  | 16 ++++-
src/test/regress/expected/rowsecurity.out | 15 ++++-
src/test/regress/sql/privileges.sql       | 19 +++++-
src/test/regress/sql/rowsecurity.sql      | 14 ++++-
8 files changed, 194 insertions(+), 11 deletions(-)


--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers

pgsql-committers by date:

Previous
From: Noah Misch
Date:
Subject: [COMMITTERS] pgsql: Add a temp-install prerequisite to "check"-like targets nothavi
Next
From: Noah Misch
Date:
Subject: [COMMITTERS] pgsql: start-scripts: switch to $PGUSER before opening $PGLOG.