Re: [v9.2] Fix leaky-view problem, part 2

Noah Misch <noah@2ndquadrant.com>

From: Noah Misch <noah@2ndQuadrant.com>
To: Yeb Havinga <yebhavinga@gmail.com>
Cc: Kohei KaiGai <kaigai@kaigai.gr.jp>, Robert Haas <robertmhaas@gmail.com>, Heikki Linnakangas <heikki.linnakangas@enterprisedb.com>, Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, Stephen Frost <sfrost@snowman.net>, Tom Lane <tgl@sss.pgh.pa.us>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2011-07-20T14:43:03Z
Lists: pgsql-hackers
On Wed, Jul 20, 2011 at 04:23:10PM +0200, Yeb Havinga wrote:
> On 2011-07-20 16:15, Yeb Havinga wrote:
>> On 2011-07-20 16:06, Noah Misch wrote:
>>>
>>> The SQL-level semantics of the view define the access rules in  
>>> question.  How
>>> would you translate that into tests to apply at a lower level?
>> I assumed the leaky view thread was about row level security, not  
>> about access rules to views, since it was mentioned at the RLS wiki  
>> page for se-pgsql. Sorry for the confusion.
> Had to digg a bit for the wiki, it was this one :  
> http://wiki.postgresql.org/wiki/RLS#Issue:_A_leaky_VIEWs_for_RLS

It is about row-level security, broadly.  These patches close the hazard
described in the latter half of this page:
http://www.postgresql.org/docs/9.0/static/rules-privileges.html

In the example given there, "phone NOT LIKE '412%'" is the (row-level) access
rule that needs to apply before any possibly-leaky function sees the tuple.

-- 
Noah Misch                    http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services