| From: | Fujii Masao <fujii(at)postgresql(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Make inherited LOCK TABLE perform access permission checks on pa |
| Date: | 2020-02-18 04:15:30 |
| Message-ID: | E1j3uIE-0006xn-0w@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Make inherited LOCK TABLE perform access permission checks on parent table only.
Previously, LOCK TABLE command through a parent table checked
the permissions on not only the parent table but also the children
tables inherited from it. This was a bug and inherited queries should
perform access permission checks on the parent table only. This
commit fixes LOCK TABLE so that it does not check the permission
on children tables.
This patch is applied only in the master branch. We decided not to
back-patch because it's not hard to imagine that there are some
applications expecting the old behavior and the change breaks their
security.
Author: Amit Langote
Reviewed-by: Fujii Masao
Discussion: https://postgr.es/m/CAHGQGwE+GauyG7POtRfRwwthAGwTjPQYdFHR97+LzA4RHGnJxA@mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/b7e51b350c4e6b1cb3404588cf11801525e2336f
Modified Files
--------------
src/backend/commands/lockcmds.c | 33 +++++++++++---------------------
src/test/regress/expected/lock.out | 10 +++++++---
src/test/regress/expected/privileges.out | 7 +++++++
src/test/regress/sql/lock.sql | 8 ++++++--
src/test/regress/sql/privileges.sql | 6 ++++++
5 files changed, 37 insertions(+), 27 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2020-02-18 21:25:52 | Re: pgsql: Logical Tape Set: lazily allocate read buffer. |
| Previous Message | Michael Paquier | 2020-02-18 04:11:51 | pgsql: Remove duplicated words in comments |