pgsql: Add security checks to the multivariate MCV estimation code. - Mailing list pgsql-committers

From Dean Rasheed
Subject pgsql: Add security checks to the multivariate MCV estimation code.
Date
Msg-id E1hf6ey-0003SO-E5@gemulon.postgresql.org
List pgsql-committers
Add security checks to the multivariate MCV estimation code.

The multivariate MCV estimation code may run user-defined operators on
the values in the MCV list, which means that those operators may
potentially leak the values from the MCV list. Guard against leaking
data to unprivileged users by checking that the user has SELECT
privileges on the table or all of the columns referred to by the
statistics.

Additionally, if there are any securityQuals on the RTE (either due to
RLS policies on the table, or accessing the table via a security
barrier view), not all rows may be visible to the current user, even
if they have table or column privileges. Thus we further insist that
the operator be leakproof in this case.

Dean Rasheed, reviewed by Tomas Vondra.

Discussion: https://postgr.es/m/CAEZATCUhT9rt7Ui=Vdx4N==VV5XOK5dsXfnGgVOz_JhAicB=ZA@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/d7f8d26d9f4c0a574250ec53a03b3dc08d13796c

Modified Files
--------------
src/backend/statistics/extended_stats.c | 74 +++++++++++++++++++++++++++++----
src/test/regress/expected/stats_ext.out | 60 ++++++++++++++++++++++++++
src/test/regress/sql/stats_ext.sql      | 60 ++++++++++++++++++++++++++
3 files changed, 186 insertions(+), 8 deletions(-)
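
A simplified model of the decision the commit message above describes, added here as an illustration: it is not the code from extended_stats.c, and every struct, field and function name is hypothetical. It shows that the privilege check comes first, and that the leakproof requirement applies only when security quals are present.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical model types, not PostgreSQL's own structures. */
typedef struct {
    bool        table_select;       /* user has SELECT on the whole table */
    const bool *column_select;      /* per-column SELECT, indexed by column number */
    bool        has_security_quals; /* RLS policy or security barrier view applies */
} RelAccess;

typedef struct {
    const int *columns;             /* column numbers referred to by the statistics */
    size_t     ncolumns;
} StatsObject;

/* Privilege rule: SELECT on the table, or on all columns of the statistics. */
static bool
has_select_on_stats_columns(const RelAccess *rel, const StatsObject *stats)
{
    if (rel->table_select)
        return true;
    for (size_t i = 0; i < stats->ncolumns; i++)
        if (!rel->column_select[stats->columns[i]])
            return false;           /* one unreadable column is enough to refuse */
    return true;
}

/* True when the MCV list may be evaluated with the clause's operator. */
bool
mcv_stats_usable(const RelAccess *rel, const StatsObject *stats,
                 bool operator_leakproof)
{
    if (!has_select_on_stats_columns(rel, stats))
        return false;
    /* Some rows may be hidden from this user, so only a leakproof
     * operator may be run on the MCV values. */
    if (rel->has_security_quals && !operator_leakproof)
        return false;
    return true;
}
```

When the function returns false, the model corresponds to the planner not applying the MCV statistics, so the user-defined operator is never run on the stored values.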

