Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd034ab0

Browse files
committed
Revert commit56bc82a.
This commit reverts the fix "Make inherited TRUNCATE perform accesspermission checks on parent table only" only in the back branches.It's not hard to imagine that there are some applications expectingthe old behavior and the fix breaks their security. To avoid thiscompatibility problem, we decided to apply the fix only in HEAD andrevert it in all supported back branches.Discussion:https://postgr.es/m/21015.1580400165@sss.pgh.pa.us
1 parent95936c7 commitd034ab0

File tree

3 files changed

+18
-84
lines changed

3 files changed

+18
-84
lines changed

‎src/backend/commands/tablecmds.c

Lines changed: 18 additions & 49 deletions
Original file line numberDiff line numberDiff line change
@@ -262,9 +262,7 @@ struct DropRelationCallbackState
262262
#defineATT_COMPOSITE_TYPE0x0010
263263
#defineATT_FOREIGN_TABLE0x0020
264264

265-
staticvoidtruncate_check_rel(Oidrelid,Form_pg_classreltuple);
266-
staticvoidtruncate_check_perms(Oidrelid,Form_pg_classreltuple);
267-
staticvoidtruncate_check_activity(Relationrel);
265+
staticvoidtruncate_check_rel(Relationrel);
268266
staticList*MergeAttributes(List*schema,List*supers,charrelpersistence,
269267
List**supOids,List**supconstr,int*supOidCount);
270268
staticboolMergeCheckConstraint(List*constraints,char*name,Node*expr);
@@ -1020,11 +1018,7 @@ ExecuteTruncate(TruncateStmt *stmt)
10201018
heap_close(rel,lockmode);
10211019
continue;
10221020
}
1023-
1024-
truncate_check_rel(myrelid,rel->rd_rel);
1025-
truncate_check_perms(myrelid,rel->rd_rel);
1026-
truncate_check_activity(rel);
1027-
1021+
truncate_check_rel(rel);
10281022
rels=lappend(rels,rel);
10291023
relids=lappend_oid(relids,myrelid);
10301024

@@ -1060,15 +1054,7 @@ ExecuteTruncate(TruncateStmt *stmt)
10601054
continue;
10611055
}
10621056

1063-
/*
1064-
* Inherited TRUNCATE commands perform access
1065-
* permission checks on the parent table only.
1066-
* So we skip checking the children's permissions
1067-
* and don't call truncate_check_perms() here.
1068-
*/
1069-
truncate_check_rel(RelationGetRelid(rel),rel->rd_rel);
1070-
truncate_check_activity(rel);
1071-
1057+
truncate_check_rel(rel);
10721058
rels=lappend(rels,rel);
10731059
relids=lappend_oid(relids,childrelid);
10741060
}
@@ -1102,9 +1088,7 @@ ExecuteTruncate(TruncateStmt *stmt)
11021088
ereport(NOTICE,
11031089
(errmsg("truncate cascades to table \"%s\"",
11041090
RelationGetRelationName(rel))));
1105-
truncate_check_rel(relid,rel->rd_rel);
1106-
truncate_check_perms(relid,rel->rd_rel);
1107-
truncate_check_activity(rel);
1091+
truncate_check_rel(rel);
11081092
rels=lappend(rels,rel);
11091093
relids=lappend_oid(relids,relid);
11101094
}
@@ -1305,45 +1289,30 @@ ExecuteTruncate(TruncateStmt *stmt)
13051289
* Check that a given rel is safe to truncate. Subroutine for ExecuteTruncate
13061290
*/
13071291
staticvoid
1308-
truncate_check_rel(Oidrelid,Form_pg_classreltuple)
1292+
truncate_check_rel(Relationrel)
13091293
{
1310-
char*relname=NameStr(reltuple->relname);
1294+
AclResultaclresult;
13111295

13121296
/* Only allow truncate on regular tables */
1313-
if (reltuple->relkind!=RELKIND_RELATION)
1297+
if (rel->rd_rel->relkind!=RELKIND_RELATION)
13141298
ereport(ERROR,
13151299
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
1316-
errmsg("\"%s\" is not a table",relname)));
1300+
errmsg("\"%s\" is not a table",
1301+
RelationGetRelationName(rel))));
13171302

1318-
if (!allowSystemTableMods&&IsSystemClass(relid,reltuple))
1303+
/* Permissions checks */
1304+
aclresult=pg_class_aclcheck(RelationGetRelid(rel),GetUserId(),
1305+
ACL_TRUNCATE);
1306+
if (aclresult!=ACLCHECK_OK)
1307+
aclcheck_error(aclresult,ACL_KIND_CLASS,
1308+
RelationGetRelationName(rel));
1309+
1310+
if (!allowSystemTableMods&&IsSystemRelation(rel))
13191311
ereport(ERROR,
13201312
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
13211313
errmsg("permission denied: \"%s\" is a system catalog",
1322-
relname)));
1323-
}
1324-
1325-
/*
1326-
* Check that current user has the permission to truncate given relation.
1327-
*/
1328-
staticvoid
1329-
truncate_check_perms(Oidrelid,Form_pg_classreltuple)
1330-
{
1331-
char*relname=NameStr(reltuple->relname);
1332-
AclResultaclresult;
1333-
1334-
/* Permissions checks */
1335-
aclresult=pg_class_aclcheck(relid,GetUserId(),ACL_TRUNCATE);
1336-
if (aclresult!=ACLCHECK_OK)
1337-
aclcheck_error(aclresult,ACL_KIND_CLASS,relname);
1338-
}
1314+
RelationGetRelationName(rel))));
13391315

1340-
/*
1341-
* Set of extra sanity checks to check if a given relation is safe to
1342-
* truncate.
1343-
*/
1344-
staticvoid
1345-
truncate_check_activity(Relationrel)
1346-
{
13471316
/*
13481317
* Don't allow truncate on temp tables of other backends ... their local
13491318
* buffer manager is not going to cope.

‎src/test/regress/expected/privileges.out

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -656,27 +656,6 @@ SELECT oid FROM atestp2; -- ok
656656
-----
657657
(0 rows)
658658

659-
-- child's permissions do not apply when operating on parent
660-
SET SESSION AUTHORIZATION regressuser1;
661-
REVOKE ALL ON atestc FROM regressuser2;
662-
GRANT ALL ON atestp1 TO regressuser2;
663-
SET SESSION AUTHORIZATION regressuser2;
664-
SELECT f2 FROM atestp1; -- ok
665-
f2
666-
----
667-
(0 rows)
668-
669-
SELECT f2 FROM atestc; -- fail
670-
ERROR: permission denied for relation atestc
671-
DELETE FROM atestp1; -- ok
672-
DELETE FROM atestc; -- fail
673-
ERROR: permission denied for relation atestc
674-
UPDATE atestp1 SET f1 = 1; -- ok
675-
UPDATE atestc SET f1 = 1; -- fail
676-
ERROR: permission denied for relation atestc
677-
TRUNCATE atestp1; -- ok
678-
TRUNCATE atestc; -- fail
679-
ERROR: permission denied for relation atestc
680659
-- privileges on functions, languages
681660
-- switch to superuser
682661
\c -

‎src/test/regress/sql/privileges.sql

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -414,20 +414,6 @@ SELECT fy FROM atestp2; -- ok
414414
SELECT atestp2FROM atestp2;-- ok
415415
SELECToidFROM atestp2;-- ok
416416

417-
-- child's permissions do not apply when operating on parent
418-
SET SESSION AUTHORIZATION regressuser1;
419-
REVOKE ALLON atestcFROM regressuser2;
420-
GRANT ALLON atestp1 TO regressuser2;
421-
SET SESSION AUTHORIZATION regressuser2;
422-
SELECT f2FROM atestp1;-- ok
423-
SELECT f2FROM atestc;-- fail
424-
DELETEFROM atestp1;-- ok
425-
DELETEFROM atestc;-- fail
426-
UPDATE atestp1SET f1=1;-- ok
427-
UPDATE atestcSET f1=1;-- fail
428-
TRUNCATE atestp1;-- ok
429-
TRUNCATE atestc;-- fail
430-
431417
-- privileges on functions, languages
432418

433419
-- switch to superuser

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp