| From: | Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> |
|---|---|
| To: | Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter(at)eisentraut(dot)org>, Paul A Jungwirth <pj(at)illuminatedcomputing(dot)com> |
| Subject: | Re: Fix RLS checks for UPDATE/DELETE FOR PORTION OF leftover rows |
| Date: | 2026-06-30 08:07:23 |
| Message-ID: | B4648790-5945-4C73-AF5A-8CE8A812527E@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> On Jun 30, 2026, at 16:00, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> wrote:
>
>
>
>> On Jun 30, 2026, at 15:51, Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com> wrote:
>>
>> Hi,
>>
>> On Tue, 30 Jun 2026 at 13:16, Chao Li <li(dot)evan(dot)chao(at)gmail(dot)com> wrote:
>> Hi,
>>
>> While revisiting “[8e72d914c] Add UPDATE/DELETE FOR PORTION OF”, I found a new issue where inserting leftover rows may skip row-level security checks.
>>
>> Please see if it is the same as this: PostgreSQL: Enforce INSERT RLS checks for FOR PORTION OF leftovers?
>>
>> If yes, it is already present in the PG 19 open list.
>>
>> Regards,
>> Ayush
>
> Thanks for pointing that out. I didn’t notice that thread.
>
> Yes, that’s the same issue. I saw Paul wrote this there:
> ```
> Skipping the RLS checks to insert the leftovers seems like the correct
> behavior to me, since we are skipping the ACL checks (per the
> standard). Shouldn't it be consistent?
> I think the reason we skip the checks is that semantically, the
> leftovers aren't changing anything: they are preserving the history
> that is already there.
> ```
>
> That explains why the ACL checks are skipped as stated in the doc, but I don’t think the same reasoning should apply to RLS checks. As I explained in my patch email, for example, directly inserting [70,100) is blocked by policy t_ins, but a user can work around that by inserting [1,100) and then updating [30,70), which seems like a security hole.
>
I just noticed that I forgot the attached again.
Best regards,
--
Chao Li (Evan)
HighGo Software Co., Ltd.
https://www.highgo.com/
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0001-Fix-RLS-checks-for-FOR-PORTION-OF-leftover-rows.patch | application/octet-stream | 7.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2026-06-30 08:07:55 | Re: Add per-backend lock statistics |
| Previous Message | Michael Paquier | 2026-06-30 08:02:12 | Re: Add pg_stat_kind_info system view |