pgsql-v9.2-fix-leaky-view-part-1.v8.option-2.patch
application/octet-stream
Filename: pgsql-v9.2-fix-leaky-view-part-1.v8.option-2.patch
Type: application/octet-stream
Part: 0
Message:
Re: [v9.2] Fix Leaky View Problem
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
Series: patch v9
| File | + | − |
|---|---|---|
| src/backend/utils/adt/selfuncs.c | 18 | 0 |
src/backend/utils/adt/selfuncs.c | 18 ++++++++++++++++++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/src/backend/utils/adt/selfuncs.c b/src/backend/utils/adt/selfuncs.c
index f5660b2..4fec5be 100644
--- a/src/backend/utils/adt/selfuncs.c
+++ b/src/backend/utils/adt/selfuncs.c
@@ -4344,6 +4344,14 @@ examine_simple_variable(PlannerInfo *root, Var *var,
else if (rte->rtekind == RTE_RELATION)
{
/*
+ * XXX - Extension module may append qualifiers to apply its row-level
+ * security policy on the table. We disallow to reference pg_statistic
+ * in same reason with security-barrier views.
+ */
+ if (rte->security_barrier)
+ return;
+
+ /*
* Plain table or parent of an inheritance appendrel, so look up the
* column in pg_statistic
*/
@@ -4373,6 +4381,16 @@ examine_simple_variable(PlannerInfo *root, Var *var,
return;
/*
+ * If sub-query would originate from a view with security_barrier
+ * property, it should perform as a black-box from outside of the
+ * view. If and when an operator function has side-effects that
+ * allows to leak its arguments, it can be used to break row-level
+ * security configuration using a view.
+ */
+ if (rte->security_barrier)
+ return;
+
+ /*
* OK, fetch RelOptInfo for subquery. Note that we don't change the
* rel returned in vardata, since caller expects it to be a rel of the
* caller's query level. Because we might already be recursing, we