diff options
Diffstat (limited to 'src/backend/commands/analyze.c')
| -rw-r--r-- | src/backend/commands/analyze.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/src/backend/commands/analyze.c b/src/backend/commands/analyze.c index f442bf65360..38f2e1f0b37 100644 --- a/src/backend/commands/analyze.c +++ b/src/backend/commands/analyze.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/commands/analyze.c,v 1.114.2.3 2009/08/12 18:24:03 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/commands/analyze.c,v 1.114.2.4 2009/12/09 21:58:16 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -36,6 +36,7 @@ #include "storage/procarray.h" #include "utils/acl.h" #include "utils/datum.h" +#include "utils/guc.h" #include "utils/lsyscache.h" #include "utils/memutils.h" #include "utils/pg_rusage.h" @@ -122,7 +123,8 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, PGRUsage ru0; TimestampTz starttime = 0; Oid save_userid; - bool save_secdefcxt; + int save_sec_context; + int save_nestlevel; if (vacstmt->verbose) elevel = INFO; @@ -212,11 +214,14 @@ analyze_rel(Oid relid, VacuumStmt *vacstmt, RelationGetRelationName(onerel)))); /* - * Switch to the table owner's userid, so that any index functions are - * run as that user. + * Switch to the table owner's userid, so that any index functions are run + * as that user. Also lock down security-restricted operations and + * arrange to make GUC variable changes local to this command. */ - GetUserIdAndContext(&save_userid, &save_secdefcxt); - SetUserIdAndContext(onerel->rd_rel->relowner, true); + GetUserIdAndSecContext(&save_userid, &save_sec_context); + SetUserIdAndSecContext(onerel->rd_rel->relowner, + save_sec_context | SECURITY_RESTRICTED_OPERATION); + save_nestlevel = NewGUCNestLevel(); /* let others know what I'm doing */ LWLockAcquire(ProcArrayLock, LW_EXCLUSIVE); @@ -497,8 +502,11 @@ cleanup: MyProc->vacuumFlags &= ~PROC_IN_ANALYZE; LWLockRelease(ProcArrayLock); - /* Restore userid */ - SetUserIdAndContext(save_userid, save_secdefcxt); + /* Roll back any GUC changes executed by index functions */ + AtEOXact_GUC(false, save_nestlevel); + + /* Restore userid and security context */ + SetUserIdAndSecContext(save_userid, save_sec_context); } /* |