Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitea7857d

Browse files
committed
Revert commita5b652f.
This commit reverts the fix "Make inherited TRUNCATE perform accesspermission checks on parent table only" only in the back branches.It's not hard to imagine that there are some applications expectingthe old behavior and the fix breaks their security. To avoid thiscompatibility problem, we decided to apply the fix only in HEAD andrevert it in all supported back branches.Discussion:https://postgr.es/m/21015.1580400165@sss.pgh.pa.us
1 parent600387f commitea7857d

File tree

3 files changed

+19
-86
lines changed

3 files changed

+19
-86
lines changed

‎src/backend/commands/tablecmds.c‎

Lines changed: 19 additions & 51 deletions
Original file line numberDiff line numberDiff line change
@@ -300,9 +300,7 @@ struct DropRelationCallbackState
300300
#definechild_dependency_type(child_is_partition)\
301301
((child_is_partition) ? DEPENDENCY_AUTO : DEPENDENCY_NORMAL)
302302

303-
staticvoidtruncate_check_rel(Oidrelid,Form_pg_classreltuple);
304-
staticvoidtruncate_check_perms(Oidrelid,Form_pg_classreltuple);
305-
staticvoidtruncate_check_activity(Relationrel);
303+
staticvoidtruncate_check_rel(Relationrel);
306304
staticList*MergeAttributes(List*schema,List*supers,charrelpersistence,
307305
boolis_partition,List**supOids,List**supconstr,
308306
int*supOidCount);
@@ -1383,11 +1381,7 @@ ExecuteTruncate(TruncateStmt *stmt)
13831381
heap_close(rel,lockmode);
13841382
continue;
13851383
}
1386-
1387-
truncate_check_rel(myrelid,rel->rd_rel);
1388-
truncate_check_perms(myrelid,rel->rd_rel);
1389-
truncate_check_activity(rel);
1390-
1384+
truncate_check_rel(rel);
13911385
rels=lappend(rels,rel);
13921386
relids=lappend_oid(relids,myrelid);
13931387
/* Log this relation only if needed for logical decoding */
@@ -1426,15 +1420,7 @@ ExecuteTruncate(TruncateStmt *stmt)
14261420
continue;
14271421
}
14281422

1429-
/*
1430-
* Inherited TRUNCATE commands perform access
1431-
* permission checks on the parent table only.
1432-
* So we skip checking the children's permissions
1433-
* and don't call truncate_check_perms() here.
1434-
*/
1435-
truncate_check_rel(RelationGetRelid(rel),rel->rd_rel);
1436-
truncate_check_activity(rel);
1437-
1423+
truncate_check_rel(rel);
14381424
rels=lappend(rels,rel);
14391425
relids=lappend_oid(relids,childrelid);
14401426
/* Log this relation only if needed for logical decoding */
@@ -1517,9 +1503,7 @@ ExecuteTruncateGuts(List *explicit_rels, List *relids, List *relids_logged,
15171503
ereport(NOTICE,
15181504
(errmsg("truncate cascades to table \"%s\"",
15191505
RelationGetRelationName(rel))));
1520-
truncate_check_rel(relid,rel->rd_rel);
1521-
truncate_check_perms(relid,rel->rd_rel);
1522-
truncate_check_activity(rel);
1506+
truncate_check_rel(rel);
15231507
rels=lappend(rels,rel);
15241508
relids=lappend_oid(relids,relid);
15251509
/* Log this relation only if needed for logical decoding */
@@ -1775,51 +1759,35 @@ ExecuteTruncateGuts(List *explicit_rels, List *relids, List *relids_logged,
17751759
* Check that a given rel is safe to truncate. Subroutine for ExecuteTruncate
17761760
*/
17771761
staticvoid
1778-
truncate_check_rel(Oidrelid,Form_pg_classreltuple)
1762+
truncate_check_rel(Relationrel)
17791763
{
1780-
char*relname=NameStr(reltuple->relname);
1764+
AclResultaclresult;
17811765

17821766
/*
17831767
* Only allow truncate on regular tables and partitioned tables (although,
17841768
* the latter are only being included here for the following checks; no
17851769
* physical truncation will occur in their case.)
17861770
*/
1787-
if (reltuple->relkind!=RELKIND_RELATION&&
1788-
reltuple->relkind!=RELKIND_PARTITIONED_TABLE)
1771+
if (rel->rd_rel->relkind!=RELKIND_RELATION&&
1772+
rel->rd_rel->relkind!=RELKIND_PARTITIONED_TABLE)
17891773
ereport(ERROR,
17901774
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
1791-
errmsg("\"%s\" is not a table",relname)));
1775+
errmsg("\"%s\" is not a table",
1776+
RelationGetRelationName(rel))));
1777+
1778+
/* Permissions checks */
1779+
aclresult=pg_class_aclcheck(RelationGetRelid(rel),GetUserId(),
1780+
ACL_TRUNCATE);
1781+
if (aclresult!=ACLCHECK_OK)
1782+
aclcheck_error(aclresult,get_relkind_objtype(rel->rd_rel->relkind),
1783+
RelationGetRelationName(rel));
17921784

1793-
if (!allowSystemTableMods&&IsSystemClass(relid,reltuple))
1785+
if (!allowSystemTableMods&&IsSystemRelation(rel))
17941786
ereport(ERROR,
17951787
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
17961788
errmsg("permission denied: \"%s\" is a system catalog",
1797-
relname)));
1798-
}
1799-
1800-
/*
1801-
* Check that current user has the permission to truncate given relation.
1802-
*/
1803-
staticvoid
1804-
truncate_check_perms(Oidrelid,Form_pg_classreltuple)
1805-
{
1806-
char*relname=NameStr(reltuple->relname);
1807-
AclResultaclresult;
1808-
1809-
/* Permissions checks */
1810-
aclresult=pg_class_aclcheck(relid,GetUserId(),ACL_TRUNCATE);
1811-
if (aclresult!=ACLCHECK_OK)
1812-
aclcheck_error(aclresult,get_relkind_objtype(reltuple->relkind),
1813-
relname);
1814-
}
1789+
RelationGetRelationName(rel))));
18151790

1816-
/*
1817-
* Set of extra sanity checks to check if a given relation is safe to
1818-
* truncate.
1819-
*/
1820-
staticvoid
1821-
truncate_check_activity(Relationrel)
1822-
{
18231791
/*
18241792
* Don't allow truncate on temp tables of other backends ... their local
18251793
* buffer manager is not going to cope.

‎src/test/regress/expected/privileges.out‎

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -695,27 +695,6 @@ SELECT oid FROM atestp2; -- ok
695695
-----
696696
(0 rows)
697697

698-
-- child's permissions do not apply when operating on parent
699-
SET SESSION AUTHORIZATION regress_priv_user1;
700-
REVOKE ALL ON atestc FROM regress_priv_user2;
701-
GRANT ALL ON atestp1 TO regress_priv_user2;
702-
SET SESSION AUTHORIZATION regress_priv_user2;
703-
SELECT f2 FROM atestp1; -- ok
704-
f2
705-
----
706-
(0 rows)
707-
708-
SELECT f2 FROM atestc; -- fail
709-
ERROR: permission denied for table atestc
710-
DELETE FROM atestp1; -- ok
711-
DELETE FROM atestc; -- fail
712-
ERROR: permission denied for table atestc
713-
UPDATE atestp1 SET f1 = 1; -- ok
714-
UPDATE atestc SET f1 = 1; -- fail
715-
ERROR: permission denied for table atestc
716-
TRUNCATE atestp1; -- ok
717-
TRUNCATE atestc; -- fail
718-
ERROR: permission denied for table atestc
719698
-- privileges on functions, languages
720699
-- switch to superuser
721700
\c -

‎src/test/regress/sql/privileges.sql‎

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -446,20 +446,6 @@ SELECT fy FROM atestp2; -- ok
446446
SELECT atestp2FROM atestp2;-- ok
447447
SELECToidFROM atestp2;-- ok
448448

449-
-- child's permissions do not apply when operating on parent
450-
SET SESSION AUTHORIZATION regress_priv_user1;
451-
REVOKE ALLON atestcFROM regress_priv_user2;
452-
GRANT ALLON atestp1 TO regress_priv_user2;
453-
SET SESSION AUTHORIZATION regress_priv_user2;
454-
SELECT f2FROM atestp1;-- ok
455-
SELECT f2FROM atestc;-- fail
456-
DELETEFROM atestp1;-- ok
457-
DELETEFROM atestc;-- fail
458-
UPDATE atestp1SET f1=1;-- ok
459-
UPDATE atestcSET f1=1;-- fail
460-
TRUNCATE atestp1;-- ok
461-
TRUNCATE atestc;-- fail
462-
463449
-- privileges on functions, languages
464450

465451
-- switch to superuser

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp