]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ef792f7) | patch
In REFRESH MATERIALIZED VIEW, set user ID before running user code.
authorNoah Misch <noah@leadboat.com>
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
committerNoah Misch <noah@leadboat.com>
Mon, 9 May 2022 15:35:13 +0000 (08:35 -0700)
commitf26d5702857a9c027f84850af48b0eea0f3aa15c
tree3fb4228cc7cb21bfc15e196a8154caac5c9ef887tree
parentef792f7856dea2576dcd9cab92b2b05fe955696bcommit | diff
In REFRESH MATERIALIZED VIEW, set user ID before running user code.

It intended to, but did not, achieve this.  Adopt the new standard of
setting user ID just after locking the relation.  Back-patch to v10 (all
supported versions).

Reviewed by Simon Riggs.  Reported by Alvaro Herrera.

Security: CVE-2022-1552
src/backend/commands/matview.c diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git