Home > mailing lists

pgsql: Perform RLS subquery checks as the right user when going via av - Mailing list pgsql-committers

From	Dean Rasheed
Subject	pgsql: Perform RLS subquery checks as the right user when going via av
Date	April 2, 2019 10:31:44
Msg-id	E1hBDtY-0003xP-Bo@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Perform RLS subquery checks as the right user when going via a view.

When accessing a table with RLS via a view, the RLS checks are
performed as the view owner. However, the code neglected to propagate
that to any subqueries in the RLS checks. Fix that by calling
setRuleCheckAsUser() for all RLS policy quals and withCheckOption
checks for RTEs with RLS.

Back-patch to 9.5 where RLS was added.

Per bug #15708 from daurnimator.

Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org

Branch
------
REL9_6_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/1b9a2f458b36747db07aff6631ade56c24cfda03

Modified Files
--------------
src/backend/rewrite/rowsecurity.c         |  8 ++++++++
src/test/regress/expected/rowsecurity.out | 27 +++++++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql      | 26 ++++++++++++++++++++++++++
3 files changed, 61 insertions(+)

pgsql-committers by date:

From: Michael Paquier
Date: 02 April 2019, 05:04:53
Subject: pgsql: Add progress reporting to pg_checksums

From: Etsuro Fujita
Date: 02 April 2019, 13:23:48
Subject: pgsql: postgres_fdw: Perform the (ORDERED,NULL) upperrel operations re

pgsql: Perform RLS subquery checks as the right user when going via av - Mailing list pgsql-committers

Previous

Next