In REFRESH MATERIALIZED VIEW, set user ID before running user code.
It intended to, but did not, achieve this. Adopt the new standard of
setting user ID just after locking the relation. Back-patch to v10 (all
supported versions).
Reviewed by Simon Riggs. Reported by Alvaro Herrera.
Security: CVE-2022-1552
Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/880511cb0bdfd75a29ada6b80bf6e4efe6bc27b4
Modified Files
--------------
src/backend/commands/matview.c | 30 +++++++++++-------------------
src/test/regress/expected/privileges.out | 16 ++++++++++++++++
src/test/regress/sql/privileges.sql | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 19 deletions(-)