diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/optimizer/util/clauses.c | 7 | ||||
| -rw-r--r-- | src/test/regress/expected/rowsecurity.out | 27 | ||||
| -rw-r--r-- | src/test/regress/sql/rowsecurity.sql | 20 |
3 files changed, 54 insertions, 0 deletions
diff --git a/src/backend/optimizer/util/clauses.c b/src/backend/optimizer/util/clauses.c index a9c7bc342ec..11269fee3ed 100644 --- a/src/backend/optimizer/util/clauses.c +++ b/src/backend/optimizer/util/clauses.c @@ -5205,6 +5205,13 @@ inline_set_returning_function(PlannerInfo *root, RangeTblEntry *rte) */ record_plan_function_dependency(root, func_oid); + /* + * We must also notice if the inserted query adds a dependency on the + * calling role due to RLS quals. + */ + if (querytree->hasRowSecurity) + root->glob->dependsOnRole = true; + return querytree; /* Here if func is not inlinable: release temp memory and return NULL */ diff --git a/src/test/regress/expected/rowsecurity.out b/src/test/regress/expected/rowsecurity.out index 38f53ed4868..e2783464208 100644 --- a/src/test/regress/expected/rowsecurity.out +++ b/src/test/regress/expected/rowsecurity.out @@ -4427,6 +4427,33 @@ SELECT * FROM rls_tbl; DROP TABLE rls_tbl; RESET SESSION AUTHORIZATION; +-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency +create table rls_t (c text); +insert into rls_t values ('invisible to bob'); +alter table rls_t enable row level security; +grant select on rls_t to regress_rls_alice, regress_rls_bob; +create policy p1 on rls_t for select to regress_rls_alice using (true); +create policy p2 on rls_t for select to regress_rls_bob using (false); +create function rls_f () returns setof rls_t + stable language sql + as $$ select * from rls_t $$; +prepare q as select current_user, * from rls_f(); +set role regress_rls_alice; +execute q; + current_user | c +-------------------+------------------ + regress_rls_alice | invisible to bob +(1 row) + +set role regress_rls_bob; +execute q; + current_user | c +--------------+--- +(0 rows) + +RESET ROLE; +DROP FUNCTION rls_f(); +DROP TABLE rls_t; -- -- Clean up objects -- diff --git a/src/test/regress/sql/rowsecurity.sql b/src/test/regress/sql/rowsecurity.sql index 0fd0cded7db..3d664538a69 100644 --- a/src/test/regress/sql/rowsecurity.sql +++ b/src/test/regress/sql/rowsecurity.sql @@ -2127,6 +2127,26 @@ SELECT * FROM rls_tbl; DROP TABLE rls_tbl; RESET SESSION AUTHORIZATION; +-- CVE-2023-2455: inlining an SRF may introduce an RLS dependency +create table rls_t (c text); +insert into rls_t values ('invisible to bob'); +alter table rls_t enable row level security; +grant select on rls_t to regress_rls_alice, regress_rls_bob; +create policy p1 on rls_t for select to regress_rls_alice using (true); +create policy p2 on rls_t for select to regress_rls_bob using (false); +create function rls_f () returns setof rls_t + stable language sql + as $$ select * from rls_t $$; +prepare q as select current_user, * from rls_f(); +set role regress_rls_alice; +execute q; +set role regress_rls_bob; +execute q; + +RESET ROLE; +DROP FUNCTION rls_f(); +DROP TABLE rls_t; + -- -- Clean up objects -- |