diff options
Diffstat (limited to 'src/backend/executor/execMain.c')
| -rw-r--r-- | src/backend/executor/execMain.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index 1fddf10bc9a..fb8dea18ee6 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -26,7 +26,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.326 2009/06/11 20:46:11 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.326.2.1 2009/12/09 21:58:04 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -2852,6 +2852,11 @@ OpenIntoRel(QueryDesc *queryDesc) Assert(into); /* + * XXX This code needs to be kept in sync with DefineRelation(). + * Maybe we should try to use that function instead. + */ + + /* * Check consistency of arguments */ if (into->onCommit != ONCOMMIT_NOOP && !into->rel->istemp) @@ -2860,6 +2865,16 @@ OpenIntoRel(QueryDesc *queryDesc) errmsg("ON COMMIT can only be used on temporary tables"))); /* + * Security check: disallow creating temp tables from security-restricted + * code. This is needed because calling code might not expect untrusted + * tables to appear in pg_temp at the front of its search path. + */ + if (into->rel->istemp && InSecurityRestrictedOperation()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("cannot create temporary table within security-restricted operation"))); + + /* * Find namespace to create in, check its permissions */ intoName = into->rel->relname; |