Revert commit 606f350de9.

This commit reverts the fix "Make inherited TRUNCATE perform access permission checks on parent table only" only in the back branches. It's not hard to imagine that there are some applications expecting the old behavior and the fix breaks their security. To avoid this compatibility problem, we decided to apply the fix only in HEAD and revert it in all supported back branches. Discussion: https://postgr.es/m/21015.1580400165@sss.pgh.pa.us
author: Fujii Masao <fujii@postgresql.org> 2020-02-03 12:43:51 +0900
committer: Fujii Masao <fujii@postgresql.org> 2020-02-03 12:43:51 +0900
commit: dc06d0839a330d2a51ae10d1a168312b9daf7b0a (patch)
tree: f53c3df08fc424fbf670476e58919f5edd4504f8 /src/backend
parent: a5f45c3dd3b569de07e9adf049e748c6a3a896a5 (diff)
download: postgresql-dc06d0839a330d2a51ae10d1a168312b9daf7b0a.tar.gz
postgresql-dc06d0839a330d2a51ae10d1a168312b9daf7b0a.zip
1 files changed, 18 insertions, 49 deletions
diff --git a/src/backend/commands/tablecmds.c b/src/backend/commands/tablecmds.c
index 5f46aaa9dad..7fcc3db14cb 100644
--- a/src/backend/commands/tablecmds.c
+++ b/src/backend/commands/tablecmds.c
@@ -269,9 +269,7 @@ struct DropRelationCallbackState
 #define		ATT_COMPOSITE_TYPE		0x0010
 #define		ATT_FOREIGN_TABLE		0x0020
 
-static void truncate_check_rel(Oid relid, Form_pg_class reltuple);
-static void truncate_check_perms(Oid relid, Form_pg_class reltuple);
-static void truncate_check_activity(Relation rel);
+static void truncate_check_rel(Relation rel);
 static List *MergeAttributes(List *schema, List *supers, char relpersistence,
 				List **supOids, List **supconstr, int *supOidCount);
 static bool MergeCheckConstraint(List *constraints, char *name, Node *expr);
@@ -1048,11 +1046,7 @@ ExecuteTruncate(TruncateStmt *stmt)
 			heap_close(rel, lockmode);
 			continue;
 		}
-
-		truncate_check_rel(myrelid, rel->rd_rel);
-		truncate_check_perms(myrelid, rel->rd_rel);
-		truncate_check_activity(rel);
-
+		truncate_check_rel(rel);
 		rels = lappend(rels, rel);
 		relids = lappend_oid(relids, myrelid);
 
@@ -1088,15 +1082,7 @@ ExecuteTruncate(TruncateStmt *stmt)
 					continue;
 				}
 
-				/*
-				 * Inherited TRUNCATE commands perform access
-				 * permission checks on the parent table only.
-				 * So we skip checking the children's permissions
-				 * and don't call truncate_check_perms() here.
-				 */
-				truncate_check_rel(RelationGetRelid(rel), rel->rd_rel);
-				truncate_check_activity(rel);
-
+				truncate_check_rel(rel);
 				rels = lappend(rels, rel);
 				relids = lappend_oid(relids, childrelid);
 			}
@@ -1130,9 +1116,7 @@ ExecuteTruncate(TruncateStmt *stmt)
 				ereport(NOTICE,
 						(errmsg("truncate cascades to table \"%s\"",
 								RelationGetRelationName(rel))));
-				truncate_check_rel(relid, rel->rd_rel);
-				truncate_check_perms(relid, rel->rd_rel);
-				truncate_check_activity(rel);
+				truncate_check_rel(rel);
 				rels = lappend(rels, rel);
 				relids = lappend_oid(relids, relid);
 			}
@@ -1340,45 +1324,30 @@ ExecuteTruncate(TruncateStmt *stmt)
  * Check that a given rel is safe to truncate.  Subroutine for ExecuteTruncate
  */
 static void
-truncate_check_rel(Oid relid, Form_pg_class reltuple)
+truncate_check_rel(Relation rel)
 {
-	char	   *relname = NameStr(reltuple->relname);
+	AclResult	aclresult;
 
 	/* Only allow truncate on regular tables */
-	if (reltuple->relkind != RELKIND_RELATION)
+	if (rel->rd_rel->relkind != RELKIND_RELATION)
 		ereport(ERROR,
 				(errcode(ERRCODE_WRONG_OBJECT_TYPE),
-				 errmsg("\"%s\" is not a table", relname)));
+				 errmsg("\"%s\" is not a table",
+						RelationGetRelationName(rel))));
 
-	if (!allowSystemTableMods && IsSystemClass(relid, reltuple))
+	/* Permissions checks */
+	aclresult = pg_class_aclcheck(RelationGetRelid(rel), GetUserId(),
+								  ACL_TRUNCATE);
+	if (aclresult != ACLCHECK_OK)
+		aclcheck_error(aclresult, ACL_KIND_CLASS,
+					   RelationGetRelationName(rel));
+
+	if (!allowSystemTableMods && IsSystemRelation(rel))
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("permission denied: \"%s\" is a system catalog",
-						relname)));
-}
-
-/*
- * Check that current user has the permission to truncate given relation.
- */
-static void
-truncate_check_perms(Oid relid, Form_pg_class reltuple)
-{
-	char	   *relname = NameStr(reltuple->relname);
-	AclResult	aclresult;
-
-	/* Permissions checks */
-	aclresult = pg_class_aclcheck(relid, GetUserId(), ACL_TRUNCATE);
-	if (aclresult != ACLCHECK_OK)
-		aclcheck_error(aclresult, ACL_KIND_CLASS, relname);
-}
+						RelationGetRelationName(rel))));
 
-/*
- * Set of extra sanity checks to check if a given relation is safe to
- * truncate.
- */
-static void
-truncate_check_activity(Relation rel)
-{
 	/*
 	 * Don't allow truncate on temp tables of other backends ... their local
 	 * buffer manager is not going to cope.
author	Fujii Masao <fujii@postgresql.org>	2020-02-03 12:43:51 +0900
committer	Fujii Masao <fujii@postgresql.org>	2020-02-03 12:43:51 +0900
commit	dc06d0839a330d2a51ae10d1a168312b9daf7b0a (patch)
tree	f53c3df08fc424fbf670476e58919f5edd4504f8 /src/backend
parent	a5f45c3dd3b569de07e9adf049e748c6a3a896a5 (diff)
download	postgresql-dc06d0839a330d2a51ae10d1a168312b9daf7b0a.tar.gz postgresql-dc06d0839a330d2a51ae10d1a168312b9daf7b0a.zip