In REFRESH MATERIALIZED VIEW, set user ID before running user code.
It intended to, but did not, achieve this. Adopt the new standard of
setting user ID just after locking the relation. Back-patch to v10 (all
supported versions).
Reviewed by Simon Riggs. Reported by Alvaro Herrera.
Security: CVE-2022-1552
Branch
------
REL_11_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/34ff15660b4f752e3941d661c3896fd96b1571f9
Modified Files
--------------
src/backend/commands/matview.c | 30 +++++++++++-------------------
src/test/regress/expected/privileges.out | 16 ++++++++++++++++
src/test/regress/sql/privileges.sql | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 19 deletions(-)