pgsql: Fix RLS policy usage in MERGE.
| От | Dean Rasheed |
|---|---|
| Тема | pgsql: Fix RLS policy usage in MERGE. |
| Дата | |
| Msg-id | E1qSvf0-000qO3-03@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Fix RLS policy usage in MERGE. If MERGE executes an UPDATE action on a table with row-level security, the code incorrectly applied the WITH CHECK clauses from the target table's INSERT policies to new rows, instead of the clauses from the table's UPDATE policies. In addition, it failed to check new rows against the target table's SELECT policies, if SELECT permissions were required (likely to always be the case). In addition, if MERGE executes a DO NOTHING action for matched rows, the code incorrectly applied the USING clauses from the target table's DELETE policies to existing target tuples. These policies were applied as checks that would throw an error, if they did not pass. Fix this, so that a MERGE UPDATE action applies the same RLS policies as a plain UPDATE query with a WHERE clause, and a DO NOTHING action does not apply any RLS checks (other than adding clauses from SELECT policies to the join). Back-patch to v15, where MERGE was introduced. Dean Rasheed, reviewed by Stephen Frost. Security: CVE-2023-39418 Branch ------ REL_16_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/67a007dc0cdb8578726c2000a7abc513109cb4a2 Modified Files -------------- src/backend/executor/nodeModifyTable.c | 7 +-- src/backend/rewrite/rowsecurity.c | 85 ++++++++++++++++++++++--------- src/test/regress/expected/rowsecurity.out | 58 ++++++++++++++++----- src/test/regress/sql/rowsecurity.sql | 52 +++++++++++++++---- 4 files changed, 152 insertions(+), 50 deletions(-)
В списке pgsql-committers по дате отправления: