Home > mailing lists

pgsql: Remove the SECURITY_ROW_LEVEL_DISABLED security context bit. - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Remove the SECURITY_ROW_LEVEL_DISABLED security context bit.
Date	September 21, 2015 01:01:08
Msg-id	E1ZdpTK-0008FE-EK@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Remove the SECURITY_ROW_LEVEL_DISABLED security context bit.

This commit's parent made superfluous the bit's sole usage.  Referential
integrity checks have long run as the subject table's owner, and that
now implies RLS bypass.  Safe use of the bit was tricky, requiring
strict control over the SQL expressions evaluating therein.  Back-patch
to 9.5, where the bit was introduced.

Based on a patch by Stephen Frost.

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/bbdb9dfbc3c722b4c811c5cbfa03ce79b7b74824

Modified Files
--------------
src/backend/utils/adt/ri_triggers.c |   17 +----------------
src/backend/utils/cache/plancache.c |   12 ++----------
src/backend/utils/init/miscinit.c   |   14 +-------------
src/backend/utils/misc/rls.c        |    7 -------
src/include/miscadmin.h             |    2 --
src/include/utils/plancache.h       |    1 -
6 files changed, 4 insertions(+), 49 deletions(-)

pgsql-committers by date:

From: Noah Misch
Date: 21 September 2015, 01:01:06
Subject: pgsql: Restrict file mode creation mask during tmpfile().

From: Noah Misch
Date: 21 September 2015, 01:01:09
Subject: pgsql: Restrict file mode creation mask during tmpfile().

pgsql: Remove the SECURITY_ROW_LEVEL_DISABLED security context bit. - Mailing list pgsql-committers

Previous

Next