pgsql: Fix security checks for selectivity estimation functions withRL
| От | Dean Rasheed |
|---|---|
| Тема | pgsql: Fix security checks for selectivity estimation functions withRL |
| Дата | |
| Msg-id | E1hNbCh-0004Pf-8Q@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Fix security checks for selectivity estimation functions with RLS. In commit e2d4ef8de8, security checks were added to prevent user-supplied operators from running over data from pg_statistic unless the user has table or column privileges on the table, or the operator is leakproof. For a table with RLS, however, checking for table or column privileges is insufficient, since that does not guarantee that the user has permission to view all of the column's data. Fix this by also checking for securityQuals on the RTE, and insisting that the operator be leakproof if there are any. Thus the leakproofness check will only be skipped if there are no securityQuals and the user has table or column privileges on the table -- i.e., only if we know that the user has access to all the data in the column. Back-patch to 9.5 where RLS was added. Dean Rasheed, reviewed by Jonathan Katz and Stephen Frost. Security: CVE-2019-10130 Branch ------ REL_11_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/0027ee3c52d824764f7f8391edb2695c3d2b424f Modified Files -------------- src/backend/utils/adt/selfuncs.c | 21 +++++++++++++++------ src/test/regress/expected/rowsecurity.out | 21 +++++++++++++++++++++ src/test/regress/sql/rowsecurity.sql | 20 ++++++++++++++++++++ 3 files changed, 56 insertions(+), 6 deletions(-)
В списке pgsql-committers по дате отправления: