diff options
| author | Noah Misch <noah@leadboat.com> | 2015-09-20 20:47:17 -0400 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2015-09-20 20:47:36 -0400 |
| commit | bbdb9dfbc3c722b4c811c5cbfa03ce79b7b74824 (patch) | |
| tree | 1bdc39a0ecc726a76586c92c412dd06a6b243cdf /src/backend/utils/init/miscinit.c | |
| parent | 6dae6edcd88cf3be06acf247c10de925bc065274 (diff) | |
| download | postgresql-bbdb9dfbc3c722b4c811c5cbfa03ce79b7b74824.tar.gz postgresql-bbdb9dfbc3c722b4c811c5cbfa03ce79b7b74824.zip | |
Remove the SECURITY_ROW_LEVEL_DISABLED security context bit.
This commit's parent made superfluous the bit's sole usage. Referential
integrity checks have long run as the subject table's owner, and that
now implies RLS bypass. Safe use of the bit was tricky, requiring
strict control over the SQL expressions evaluating therein. Back-patch
to 9.5, where the bit was introduced.
Based on a patch by Stephen Frost.
Diffstat (limited to 'src/backend/utils/init/miscinit.c')
| -rw-r--r-- | src/backend/utils/init/miscinit.c | 14 |
1 files changed, 1 insertions, 13 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 5bf595c9e5f..f0099d31fad 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -341,7 +341,7 @@ GetAuthenticatedUserId(void) * GetUserIdAndSecContext/SetUserIdAndSecContext - get/set the current user ID * and the SecurityRestrictionContext flags. * - * Currently there are three valid bits in SecurityRestrictionContext: + * Currently there are two valid bits in SecurityRestrictionContext: * * SECURITY_LOCAL_USERID_CHANGE indicates that we are inside an operation * that is temporarily changing CurrentUserId via these functions. This is @@ -359,9 +359,6 @@ GetAuthenticatedUserId(void) * where the called functions are really supposed to be side-effect-free * anyway, such as VACUUM/ANALYZE/REINDEX. * - * SECURITY_ROW_LEVEL_DISABLED indicates that we are inside an operation that - * needs to bypass row level security checks, for example FK checks. - * * Unlike GetUserId, GetUserIdAndSecContext does *not* Assert that the current * value of CurrentUserId is valid; nor does SetUserIdAndSecContext require * the new value to be valid. In fact, these routines had better not @@ -404,15 +401,6 @@ InSecurityRestrictedOperation(void) return (SecurityRestrictionContext & SECURITY_RESTRICTED_OPERATION) != 0; } -/* - * InRowLevelSecurityDisabled - are we inside a RLS-disabled operation? - */ -bool -InRowLevelSecurityDisabled(void) -{ - return (SecurityRestrictionContext & SECURITY_ROW_LEVEL_DISABLED) != 0; -} - /* * These are obsolete versions of Get/SetUserIdAndSecContext that are |