In REFRESH MATERIALIZED VIEW, set user ID before running user code.
It intended to, but did not, achieve this. Adopt the new standard of
setting user ID just after locking the relation. Back-patch to v10 (all
supported versions).
Reviewed by Simon Riggs. Reported by Alvaro Herrera.
Security: CVE-2022-1552
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/f26d5702857a9c027f84850af48b0eea0f3aa15c
Modified Files
--------------
src/backend/commands/matview.c | 30 +++++++++++-------------------
src/test/regress/expected/privileges.out | 16 ++++++++++++++++
src/test/regress/sql/privileges.sql | 17 +++++++++++++++++
3 files changed, 44 insertions(+), 19 deletions(-)