projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab49ce7) | patch
In REFRESH MATERIALIZED VIEW, set user ID before running user code.
authorNoah Misch <[email protected]>
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
committerNoah Misch <[email protected]>
Mon, 9 May 2022 15:35:12 +0000 (08:35 -0700)
commit677a494789062ca88e0142a17bedd5415f6ab0aa
tree6e6a040df51c9fafd3c3295d0ccdf210c5510866tree
parentab49ce7c3414ac19e4afb386d7843ce2d2fb8bdacommit | diff
In REFRESH MATERIALIZED VIEW, set user ID before running user code.

It intended to, but did not, achieve this.  Adopt the new standard of
setting user ID just after locking the relation.  Back-patch to v10 (all
supported versions).

Reviewed by Simon Riggs.  Reported by Alvaro Herrera.

Security: CVE-2022-1552
src/backend/commands/matview.c diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
This is the main PostgreSQL git repository.