Re: Overcoming SELECT ... FOR UPDATE permission restrictions
Alexander Law <exclusion@gmail.com>
From: Alexander Lakhin <exclusion@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2018-04-16T17:12:45Z
Lists: pgsql-hackers
13.04.2018 18:55, Tom Lane wrote: > Although this is arguably a security bug, I'm not sure we should > back-patch it. The consequences seem relatively minor, and the > behavioral change carries a significant risk of breaking applications > that worked as-intended up to now. Thoughts? The worst scenario (with the current system views) I could think of is: user=> CREATE VIEW pgg AS SELECT * FROM pg_group; BEGIN TRANSACTION; SELECT * FROM pgg FOR UPDATE; SELECT pg_sleep(60); ROLLBACK; and the parallel operation: admin=> DROP ROLE testrole; hangs for one minute. But admin can observer the locks and kill the offending backend so it's hardly a critical issue.
Commits
-
Simplify view-expansion code in rewriteHandler.c.
- 49ac4039b28e 11.0 landed
-
Fix enforcement of SELECT FOR UPDATE permissions with nested views.
- 50c6bb022475 11.0 landed