Home > mailing lists

pgsql: In REFRESH MATERIALIZED VIEW, set user ID before running user co - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: In REFRESH MATERIALIZED VIEW, set user ID before running user co
Date	May 9, 2022 18:37:46
Msg-id	E1no5SD-000lVU-5g@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

In REFRESH MATERIALIZED VIEW, set user ID before running user code.

It intended to, but did not, achieve this.  Adopt the new standard of
setting user ID just after locking the relation.  Back-patch to v10 (all
supported versions).

Reviewed by Simon Riggs.  Reported by Alvaro Herrera.

Security: CVE-2022-1552

Branch
------
REL_11_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/34ff15660b4f752e3941d661c3896fd96b1571f9

Modified Files
--------------
src/backend/commands/matview.c           | 30 +++++++++++-------------------
src/test/regress/expected/privileges.out | 16 ++++++++++++++++
src/test/regress/sql/privileges.sql      | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 19 deletions(-)

pgsql-committers by date:

From: Andrew Dunstan
Date: 09 May 2022, 17:10:27
Subject: Re: pgsql: Remove command checks in tests of pg_basebackup and pg_receivewa

From: Tom Lane
Date: 09 May 2022, 18:41:31
Subject: pgsql: Revert "Disallow infinite endpoints in generate_series() for tim

pgsql: In REFRESH MATERIALIZED VIEW, set user ID before running user co - Mailing list pgsql-committers

Previous

Next