diff options
Diffstat (limited to 'src/backend/executor/execMain.c')
| -rw-r--r-- | src/backend/executor/execMain.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/src/backend/executor/execMain.c b/src/backend/executor/execMain.c index e1ae67f10d7..7908458c5e3 100644 --- a/src/backend/executor/execMain.c +++ b/src/backend/executor/execMain.c @@ -26,7 +26,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.280.2.3 2008/08/08 17:01:26 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/executor/execMain.c,v 1.280.2.4 2009/12/09 21:58:29 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -2444,6 +2444,11 @@ OpenIntoRel(QueryDesc *queryDesc) DR_intorel *myState; /* + * XXX This code needs to be kept in sync with DefineRelation(). + * Maybe we should try to use that function instead. + */ + + /* * Check consistency of arguments */ if (parseTree->intoOnCommit != ONCOMMIT_NOOP && !parseTree->into->istemp) @@ -2452,6 +2457,16 @@ OpenIntoRel(QueryDesc *queryDesc) errmsg("ON COMMIT can only be used on temporary tables"))); /* + * Security check: disallow creating temp tables from security-restricted + * code. This is needed because calling code might not expect untrusted + * tables to appear in pg_temp at the front of its search path. + */ + if (parseTree->into->istemp && InSecurityRestrictedOperation()) + ereport(ERROR, + (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), + errmsg("cannot create temporary table within security-restricted operation"))); + + /* * Find namespace to create in, check its permissions */ intoName = parseTree->into->relname; |