| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Ensure COPY TO on an RLS-enabled table copies no more than it sh |
| Date: | 2023-03-10 18:52:57 |
| Message-ID: | E1pahrN-002t7A-01@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Ensure COPY TO on an RLS-enabled table copies no more than it should.
The COPY documentation is quite clear that "COPY relation TO" copies
rows from only the named table, not any inheritance children it may
have. However, if you enabled row-level security on the table then
this stopped being true, because the code forgot to apply the ONLY
modifier in the "SELECT ... FROM relation" query that it constructs
in order to allow RLS predicates to be attached. Fix that.
Report and patch by Antonin Houska (comment adjustments and test case
by me). Back-patch to all supported branches.
Discussion: https://postgr.es/m/3472.1675251957@antos
Branch
------
REL_12_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/a30310833d071cfe9c1e7a9768e4d4df47685106
Modified Files
--------------
src/backend/commands/copy.c | 9 +++++---
src/test/regress/expected/rowsecurity.out | 37 +++++++++++++++++++++++++++++++
src/test/regress/sql/rowsecurity.sql | 34 ++++++++++++++++++++++++++++
3 files changed, 77 insertions(+), 3 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2023-03-10 18:58:49 | Re: pgsql: Use ICU by default at initdb time. |
| Previous Message | Jeff Davis | 2023-03-10 18:52:16 | pgsql: initdb: derive encoding from locale for ICU; similar to libc. |