Re: Overcoming SELECT ... FOR UPDATE permission restrictions

Alexander Law <exclusion@gmail.com>

From: Alexander Lakhin <exclusion@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2018-04-16T17:12:45Z
Lists: pgsql-hackers
13.04.2018 18:55, Tom Lane wrote:
> Although this is arguably a security bug, I'm not sure we should
> back-patch it.  The consequences seem relatively minor, and the
> behavioral change carries a significant risk of breaking applications
> that worked as-intended up to now.  Thoughts?
The worst scenario (with the current system views) I could think of is:
user=> CREATE VIEW pgg AS SELECT * FROM pg_group;
BEGIN TRANSACTION; SELECT * FROM pgg FOR UPDATE; SELECT pg_sleep(60); 
ROLLBACK;
and the parallel operation:
admin=> DROP ROLE testrole;
hangs for one minute.
But admin can observer the locks and kill the offending backend so it's 
hardly a critical issue.



Commits

  1. Simplify view-expansion code in rewriteHandler.c.

  2. Fix enforcement of SELECT FOR UPDATE permissions with nested views.