Re: [BUGS] Probably a security bug in PostgreSQL rule system
From | Tom Lane
---|---
Subject | Re: [BUGS] Probably a security bug in PostgreSQL rule system
Date |
Msg-id | 15527.1076429559@sss.pgh.pa.us
In reply to | Re: [BUGS] Probably a security bug in PostgreSQL rule system (Bruce Momjian <pgman@candle.pha.pa.us>)
List | pgsql-general
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Would someone comment on this?

This is fixed in CVS tip.

2004-01-13 22:39  tgl

    * src/backend/rewrite/: rewriteHandler.c (REL7_3_STABLE),
    rewriteHandler.c (REL7_4_STABLE), rewriteHandler.c: Revert
    ill-starred change of 13-Feb-02: it appeared to fix a problem of
    incorrect permissions checking, but in fact disabled most all
    permissions checks for view updates.  This corrects problems
    reported by Sergey Yatskevich among others, at the cost of
    re-introducing the problem previously reported by Tim Burgess.
    However, since we'd lived with that problem for quite awhile
    without knowing it, we can live with it awhile longer until a
    proper fix can be made in 7.5.

2004-01-14 18:01  tgl

    * src/: backend/commands/view.c, backend/executor/execMain.c,
    backend/executor/nodeSubplan.c, backend/nodes/copyfuncs.c,
    backend/nodes/equalfuncs.c, backend/nodes/outfuncs.c,
    backend/nodes/readfuncs.c, backend/optimizer/path/allpaths.c,
    backend/parser/analyze.c, backend/parser/parse_clause.c,
    backend/parser/parse_relation.c, backend/rewrite/rewriteDefine.c,
    backend/rewrite/rewriteHandler.c, include/catalog/catversion.h,
    include/executor/executor.h, include/nodes/parsenodes.h,
    include/parser/parse_clause.h, include/utils/acl.h: Fix
    permission-checking bug reported by Tim Burgess 10-Feb-03 (this
    time for sure...).  Rather than relying on the query context of a
    rangetable entry to identify what permissions it wants checked,
    store a full AclMode mask in each RTE, and check exactly those
    bits.  This allows an RTE specifying, say, INSERT privilege on a
    view to be copied into a derived UPDATE query without changing
    meaning.  Per recent discussion thread.  initdb forced due to
    change of stored rule representation.

            regards, tom lane
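The 2004-01-14 commit message describes the design change in one sentence: instead of deriving the privilege to check from the query context an RTE happens to sit in, each RTE carries its own AclMode mask. The following toy model is an added illustration and is not PostgreSQL source or anything from this thread; the classes, the grant table, the users `app` and `nobody`, the view `v`, the base table `base` and the rule-rewrite function are all constructed for the example. It shows why copying a view RTE from an INSERT query into a rule-derived UPDATE query changes meaning under context-based checking but not under mask-based checking.

```python
# Added toy model (not PostgreSQL source): contrasts "privilege implied by
# query context" with "AclMode mask stored in each RTE", as described in the
# 2004-01-14 commit message.  All names and the grant table are constructed.
from dataclasses import dataclass
from enum import IntFlag
from typing import Dict, List, Tuple


class AclMode(IntFlag):
    """Privilege bits in the spirit of PostgreSQL's AclMode; the values are arbitrary here."""
    SELECT = 1
    INSERT = 2
    UPDATE = 4
    DELETE = 8


ALL_BITS = AclMode.SELECT | AclMode.INSERT | AclMode.UPDATE | AclMode.DELETE


@dataclass
class RangeTableEntry:
    relname: str
    required: AclMode  # post-fix scheme: the exact bits this RTE must be checked for


@dataclass
class Query:
    command: AclMode  # INSERT / UPDATE / ...: the "query context"
    rtable: List[RangeTableEntry]


# Constructed grant table: (user, relation) -> privileges held.
GRANTS: Dict[Tuple[str, str], AclMode] = {
    ("app", "v"): AclMode.INSERT,       # may insert through the view only
    ("app", "base"): AclMode.UPDATE,    # may update the base table directly
    ("nobody", "v"): AclMode.UPDATE,    # may update the view, but NOT insert into it
    ("nobody", "base"): AclMode.UPDATE,
}


def held(user: str, relname: str) -> AclMode:
    return GRANTS.get((user, relname), AclMode(0))


def check_by_context(user: str, query: Query) -> List[Tuple[str, AclMode]]:
    """Pre-fix idea: every RTE is checked for the privilege implied by the query's
    command type.  Returns (relation, missing privilege) pairs; empty means pass."""
    missing = []
    for rte in query.rtable:
        if not (int(held(user, rte.relname)) & int(query.command)):
            missing.append((rte.relname, query.command))
    return missing


def check_by_mask(user: str, query: Query) -> List[Tuple[str, AclMode]]:
    """Post-fix scheme: each RTE carries an AclMode mask and exactly those bits are checked."""
    missing = []
    for rte in query.rtable:
        lacking = AclMode(int(rte.required) & ~int(held(user, rte.relname)) & int(ALL_BITS))
        if lacking:
            missing.append((rte.relname, lacking))
    return missing


def rewrite_insert_as_update(insert_query: Query, target: str) -> Query:
    """Models an ON INSERT DO INSTEAD UPDATE rule: the original view RTE is copied,
    unchanged, into a derived UPDATE query that also targets the base table."""
    view_rte = insert_query.rtable[0]
    return Query(command=AclMode.UPDATE,
                 rtable=[RangeTableEntry(target, AclMode.UPDATE), view_rte])


def derived_update_query() -> Query:
    """INSERT into view v, rewritten by the (modelled) rule into an UPDATE of base."""
    original = Query(command=AclMode.INSERT, rtable=[RangeTableEntry("v", AclMode.INSERT)])
    return rewrite_insert_as_update(original, "base")


if __name__ == "__main__":
    q = derived_update_query()
    for user in ("app", "nobody"):
        print(user, "context:", check_by_context(user, q), "mask:", check_by_mask(user, q))
```

With the constructed grants, `app` holds exactly what the statement needs (INSERT on the view, UPDATE on the base table), yet context-based checking of the derived UPDATE query demands UPDATE on the view and rejects it; `nobody` lacks INSERT on the view, yet context-based checking of the derived query passes because the INSERT requirement was lost in the rewrite. Mask-based checking gets both cases right because the required bits travel with the RTE.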