Ensure cached plans are correctly marked as dependent on role.
If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it. This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.
Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
Branch
------
REL_13_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/952ff31e2a89e8ca79ecb12d61fddbeac3d89176
Modified Files
--------------
src/backend/executor/functions.c | 6 +++
src/backend/rewrite/rewriteHandler.c | 67 +++++++++++++++++++++++---
src/test/regress/expected/rowsecurity.out | 78 +++++++++++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 44 +++++++++++++++++
src/tools/pgindent/typedefs.list | 1 +
5 files changed, 190 insertions(+), 6 deletions(-)
