Re: Odd behavior of updatable security barrier views on foreign tables

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Etsuro Fujita <fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp>
Cc: Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org >> PostgreSQL-development" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Odd behavior of updatable security barrier views on foreign tables
Date: 2015-02-17 22:44:51
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers


* Etsuro Fujita (fujita(dot)etsuro(at)lab(dot)ntt(dot)co(dot)jp) wrote:
> On 2015/02/11 4:06, Stephen Frost wrote:
> >I had been trying to work out an FDW-specific way to address this, but I
> >think Dean's right that this should be addressed in
> >expand_security_qual(), which means it'll apply to all cases and not
> >just these FDW calls. I don't think that's actually an issue though and
> >it'll match up to how SELECT FOR UPDATE is handled today.
> Sorry, my explanation was not accurate, but I also agree with Dean's
> idea. In the above, I just wanted to make it clear that such a lock
> request done by expand_security_qual() should be limited to the case
> where the relation that is a former result relation is a foreign
> table.

Attached is a patch which should address this. Would love your (or
anyone else's) feedback on it. It appears to address the issue which
you raised and the regression test changes are all in-line with
inserting a LockRows into the subquery, as anticipated.



Attachment Content-Type Size
fix-sbv-locking-9.4.patch text/x-diff 21.8 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2015-02-17 22:53:06 Re: sloppy back-patching of column-privilege leak
Previous Message Oskari Saarenmaa 2015-02-17 22:39:27 Re: Configurable location for extension .control files