| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: more RLS oversights |
| Date: | 2015-02-26 04:37:24 |
| Message-ID: | 20150226043724.GJ29780@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert, all,
* Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> > I happened to notice this morning while hacking that the
> > "hasRowSecurity" fields added to PlannerGlobal and PlannedStmt have
> > not been given proper nodefuncs.c support. Both need to be added to
> > outfuncs.c, and the latter to copyfuncs.c. The latter omission may
> > well be a security bug, although I haven't attempted to verify that,
> > but fortunately this isn't released yet.
>
> I saw this and will address it. Would be great if you wouldn't mind
> CC'ing me directly on anything RLS-related, same as you CC'd me on the
> column-privilege backpatch. I expect I'll probably notice anyway, but
> I'll see them faster when I'm CC'd.
>
> I agree that it's great that we're catching issues prior to when the
> feature is released and look forward to anything else you (or anyone
> else!) finds.
I've pushed a fix for this. Please let me know if you see any other
issues or run into any problems.
Thanks!
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2015-02-26 04:40:24 | Re: pgaudit - an auditing extension for PostgreSQL |
| Previous Message | Fujii Masao | 2015-02-26 03:42:54 | Re: pgaudit - an auditing extension for PostgreSQL |