From 1b9a2f458b36747db07aff6631ade56c24cfda03 Mon Sep 17 00:00:00 2001 From: Dean Rasheed Date: Tue, 2 Apr 2019 08:20:55 +0100 Subject: Perform RLS subquery checks as the right user when going via a view. When accessing a table with RLS via a view, the RLS checks are performed as the view owner. However, the code neglected to propagate that to any subqueries in the RLS checks. Fix that by calling setRuleCheckAsUser() for all RLS policy quals and withCheckOption checks for RTEs with RLS. Back-patch to 9.5 where RLS was added. Per bug #15708 from daurnimator. Discussion: https://postgr.es/m/15708-d65cab2ce9b1717a@postgresql.org --- src/backend/rewrite/rowsecurity.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/backend/rewrite/rowsecurity.c') diff --git a/src/backend/rewrite/rowsecurity.c b/src/backend/rewrite/rowsecurity.c index ad5e2d870f7..ea2607ce719 100644 --- a/src/backend/rewrite/rowsecurity.c +++ b/src/backend/rewrite/rowsecurity.c @@ -47,6 +47,7 @@ #include "nodes/pg_list.h" #include "nodes/plannodes.h" #include "parser/parsetree.h" +#include "rewrite/rewriteDefine.h" #include "rewrite/rewriteHandler.h" #include "rewrite/rewriteManip.h" #include "rewrite/rowsecurity.h" @@ -380,6 +381,13 @@ get_row_security_policies(Query *root, RangeTblEntry *rte, int rt_index, heap_close(rel, NoLock); + /* + * Copy checkAsUser to the row security quals and WithCheckOption checks, + * in case they contain any subqueries referring to other relations. + */ + setRuleCheckAsUser((Node *) *securityQuals, rte->checkAsUser); + setRuleCheckAsUser((Node *) *withCheckOptions, rte->checkAsUser); + /* * Mark this query as having row security, so plancache can invalidate it * when necessary (eg: role changes) -- cgit v1.2.3