Commita5b26aa

committed
pg_dump: avoid unsafe function calls in getPolicies().
getPolicies() had the same disease I fixed in other places in commit e3fcbbd, i.e., it was calling pg_get_expr() for expressions on tables that we don't necessarily have lock on. To fix, restrict the query to only collect interesting rows, rather than doing the filtering on the client side.

Back-patch of commit 3e6e86a. That's been in v15/HEAD long enough to have some confidence about it, so now let's fix the problem in older branches.

Discussion: https://postgr.es/m/2273648.1634764485@sss.pgh.pa.us
Discussion: https://postgr.es/m/7d7eb6128f40401d81b3b7a898b6b4de@W2012-02.nidsa.loc
Discussion: https://postgr.es/m/45c93d57-9973-248e-d2df-e02ca9af48d4@darold.net
1 parente46e986 commita5b26aa


1 file changed

+29
-13
lines changed


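--- a/src/bin/pg_dump/pg_dump.c
+++ b/src/bin/pg_dump/pg_dump.c
@@ -3619,6 +3619,7 @@ void
 getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 {
 PQExpBuffer query;
+PQExpBuffer tbloids;
 PGresult *res;
 PolicyInfo *polinfo;
 inti_oid;
@@ -3634,15 +3635,17 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 j,
 ntups;
 
+/* No policies before 9.5 */
 if (fout->remoteVersion < 90500)
 return;
 
 query = createPQExpBuffer();
+tbloids = createPQExpBuffer();
 
 /*
-* First, check which tables have RLS enabled. We represent RLS being
-* enabled on a table by creating a PolicyInfo object with null polname.
+* Identify tables of interest, and check which ones have RLS enabled.
 */
+appendPQExpBufferChar(tbloids, '{');
 for (i = 0; i < numTables; i++)
 {
 TableInfo *tbinfo = &tblinfo[i];
@@ -3651,9 +3654,23 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 if (!(tbinfo->dobj.dump & DUMP_COMPONENT_POLICY))
 continue;
 
+/* It can't have RLS or policies if it's not a table */
+if (tbinfo->relkind != RELKIND_RELATION &&
+tbinfo->relkind != RELKIND_PARTITIONED_TABLE)
+continue;
+
+/* Add it to the list of table OIDs to be probed below */
+if (tbloids->len > 1)/* do we have more than the '{'? */
+appendPQExpBufferChar(tbloids, ',');
+appendPQExpBuffer(tbloids, "%u", tbinfo->dobj.catId.oid);
+
+/* Is RLS enabled? (That's separate from whether it has policies) */
 if (tbinfo->rowsec)
 {
 /*
+* We represent RLS being enabled on a table by creating a
+* PolicyInfo object with null polname.
+*
 * Note: use tableoid 0 so that this object won't be mistaken for
 * something that pg_depend entries apply to.
 */
@@ -3673,15 +3690,18 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 polinfo->polwithcheck = NULL;
 }
 }
+appendPQExpBufferChar(tbloids, '}');
 
 /*
-* Now, read all RLS policies, and create PolicyInfo objects for all those
-* that are of interest.
+* Now, read all RLS policies belonging to the tables of interest, and
+* create PolicyInfo objects for them. (Note that we must filter the
+* results server-side not locally, because we dare not apply pg_get_expr
+* to tables we don't have lock on.)
 */
 pg_log_info("reading row-level security policies");
 
 printfPQExpBuffer(query,
-"SELECT oid, tableoid, pol.polrelid, pol.polname, pol.polcmd, ");
+"SELECTpol.oid,pol.tableoid, pol.polrelid, pol.polname, pol.polcmd, ");
 if (fout->remoteVersion >= 100000)
 appendPQExpBuffer(query, "pol.polpermissive, ");
 else
@@ -3691,7 +3711,9 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 " pg_catalog.array_to_string(ARRAY(SELECT pg_catalog.quote_ident(rolname) from pg_catalog.pg_roles WHERE oid = ANY(pol.polroles)), ', ') END AS polroles, "
 "pg_catalog.pg_get_expr(pol.polqual, pol.polrelid) AS polqual, "
 "pg_catalog.pg_get_expr(pol.polwithcheck, pol.polrelid) AS polwithcheck "
-"FROM pg_catalog.pg_policy pol");
+"FROM unnest('%s'::pg_catalog.oid[]) AS src(tbloid)\n"
+"JOIN pg_catalog.pg_policy pol ON (src.tbloid = pol.polrelid)",
+tbloids->data);
 
 res = ExecuteSqlQuery(fout, query->data, PGRES_TUPLES_OK);
 
@@ -3715,13 +3737,6 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 Oidpolrelid = atooid(PQgetvalue(res, j, i_polrelid));
 TableInfo *tbinfo = findTableByOid(polrelid);
 
-/*
-* Ignore row security on tables not to be dumped. (This will
-* result in some harmless wasted slots in polinfo[].)
-*/
-if (!(tbinfo->dobj.dump & DUMP_COMPONENT_POLICY))
-continue;
-
 polinfo[j].dobj.objType = DO_POLICY;
 polinfo[j].dobj.catId.tableoid =
 atooid(PQgetvalue(res, j, i_tableoid));
@@ -3756,6 +3771,7 @@ getPolicies(Archive *fout, TableInfo tblinfo[], int numTables)
 PQclear(res);
 
 destroyPQExpBuffer(query);
+destroyPQExpBuffer(tbloids);
 }
 
 /*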
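Review bot: The loop that fills `tbloids` does not state the invariant the whole fix rests on, namely that every OID appended there belongs to a table pg_dump already holds a lock on. The visible lines test only `DUMP_COMPONENT_POLICY` and `relkind`, so the lock is presumably implied by how that flag is assigned elsewhere; a later change to that assignment could quietly bring back pg_get_expr() calls on unlocked tables without touching this function. I would widen the comment at the append to `/* Add it to the list of table OIDs to be probed below; only tables we hold a lock on may be listed, since pg_get_expr() is applied to their policies */`. With the client-side filter removed from the result loop, `tbinfo` from `findTableByOid(polrelid)` is presumably dereferenced in lines outside the hunk; the join guarantees a match, and an `Assert(tbinfo != NULL);` after the lookup would record that assumption.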
