git.postgresql.org Git - postgresql.git/commit

git projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 681d9e4) | patch
Handle RLS dependencies in inlined set-returning functions properly.
author Tom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:44 +0000 (10:12 -0400)
committer Tom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:44 +0000 (10:12 -0400)
commit ca73753b090c33bc69ce299b4d7fff891a77b8ad
tree 802e903b453a2022d73a88b8c3753532c5e615af tree
parent 681d9e4621aac0a9c71364b6f54f00f6d8c4337f commit | diff
Handle RLS dependencies in inlined set-returning functions properly.

If an SRF in the FROM clause references a table having row-level
security policies, and we inline that SRF into the calling query,
we neglected to mark the plan as potentially dependent on which
role is executing it. This could lead to later executions in the
same session returning or hiding rows that should have been hidden
or returned instead.

Our thanks to Wolfgang Walther for reporting this problem.

Stephen Frost and Tom Lane

Security: CVE-2023-2455
src/backend/optimizer/util/clauses.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
This is the main PostgreSQL git repository.
RSS Atom

AltStyle によって変換されたページ (->オリジナル) /