Comparing changes

The view maintenance is performed under the view owner privilege. If a modified table has a RLS policy, the policy must be applied to relation for the pre-update-state table and the delta table that contained inserted or deleted tuples. Previously, the security quals were set to each ENR in a subquery that represents such relation. However, the security check on the delta table was not properly handled, and this caused that rows that must not be accessed from the view owner could appear in the view contents when the view was refreshed incrementally during a query containing multiple types of commands, like a modifying CTE that contains INSERT and UPDATE, or a MERGE command. This patch fixes it by setting RLS policy to a subquery that presents the pre-update-state table and the delta able instead of to each RLS. Also, this change makes the code more simple and easy to maintain. CVE-2023-22847

Previously, functions names in pg_catalog schema that were used during view maintenance were not qualified. This is problematic because functions in other schema could be referenced unintentionally. Moreover, that could result in privilege escalation that if a nefarious user who can create a function, arbitrary functions could be executed under IMMV owner's privilege. CVE-2023-23554

Cached plans for recalculating min/max values are built using pg_ivm_get_viewdef() that returns the view definition query text. Therefore, if the search_path is changed, the query text is analyzed again by SPI, and tables or functions in a wrong schema could be referenced in the plan. To fix this, we check whether the search_path is still the same as when we made the cached plan and, if it isn't, we rebuild the query text. CVE-2023-23554

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Comparing changes

Open a pull request

Commits on Mar 2, 2023

This comparison is taking too long to generate.

Uh oh!