]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 78119a0) | patch
Handle RLS dependencies in inlined set-returning functions properly.
authorTom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:45 +0000 (10:12 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Mon, 8 May 2023 14:12:45 +0000 (10:12 -0400)
commitee87b482c3952a1e7504a8ba0df7c8ebaab36f72
treef0a0704ab60d35d192f64d86820d4a29ef2a96c2tree | snapshot
parent78119a0bf98edb13e7f79c6402378376cc6b6ca4commit | diff
Handle RLS dependencies in inlined set-returning functions properly.

If an SRF in the FROM clause references a table having row-level
security policies, and we inline that SRF into the calling query,
we neglected to mark the plan as potentially dependent on which
role is executing it.  This could lead to later executions in the
same session returning or hiding rows that should have been hidden
or returned instead.

Our thanks to Wolfgang Walther for reporting this problem.

Stephen Frost and Tom Lane

Security: CVE-2023-2455
src/backend/optimizer/util/clauses.c diff | blob | blame | history
src/test/regress/expected/rowsecurity.out diff | blob | blame | history
src/test/regress/sql/rowsecurity.sql diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git