]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2212f7d) | patch
Handle RLS dependencies in inlined set-returning functions properly.
authorTom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:44 +0000 (10:12 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:44 +0000 (10:12 -0400)
commitb8e28f04f7f339d4285852960e6455de75dbf9b3
tree157a26ef44b51fcf7a03bb495e89e60245f3572btree
parent2212f7db80e9397825dea5f4947397665a7f60b8commit | diff
Handle RLS dependencies in inlined set-returning functions properly.

If an SRF in the FROM clause references a table having row-level
security policies, and we inline that SRF into the calling query,
we neglected to mark the plan as potentially dependent on which
role is executing it.  This could lead to later executions in the
same session returning or hiding rows that should have been hidden
or returned instead.

Our thanks to Wolfgang Walther for reporting this problem.

Stephen Frost and Tom Lane

Security: CVE-2023-2455
src/backend/optimizer/util/clauses.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git