upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-18 10:09:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
Base de données relationnelle
57571 commits 38 branches 674 tags 839 MiB
C 84.9%
PLpgSQL 6.1%
Perl 4.7%
Yacc 1.2%
Meson 0.7%
Other 2.2%
Find a file
Dean Rasheed 7e86da539d Fix security checks in selectivity estimation functions. 
Commit e2d4ef8de8 (the fix for CVE-2017-7484) added security checks
to the selectivity estimation functions to prevent them from running
user-supplied operators on data obtained from pg_statistic if the user
lacks privileges to select from the underlying table. In cases
involving inheritance/partitioning, those checks were originally
performed against the child RTE (which for plain inheritance might
actually refer to the parent table). Commit 553d2ec271 then extended
that to also check the parent RTE, allowing access if the user had
permissions on either the parent or the child. It turns out, however,
that doing any checks using the child RTE is incorrect, since
securityQuals is set to NULL when creating an RTE for an inheritance
child (whether it refers to the parent table or the child table), and
therefore such checks do not correctly account for any RLS policies or
security barrier views. Therefore, do the security checks using only
the parent RTE. This is consistent with how RLS policies are applied,
and the executor's ACL checks, both of which use only the parent
table's permissions/policies. Similar checks are performed in the
extended stats code, so update that in the same way, centralizing all
the checks in a new function.

In addition, note that these checks by themselves are insufficient to
ensure that the user has access to the table's data because, in a
query that goes via a view, they only check that the view owner has
permissions on the underlying table, not that the current user has
permissions on the view itself. In the selectivity estimation
functions, there is no easy way to navigate from underlying tables to
views, so add permissions checks for all views mentioned in the query
to the planner startup code. If the user lacks permissions on a view,
a permissions error will now be reported at planner-startup, and the
selectivity estimation functions will not be run.

Checking view permissions at planner-startup in this way is a little
ugly, since the same checks will be repeated at executor-startup.
Longer-term, it might be better to move all the permissions checks
from the executor to the planner so that permissions errors can be
reported sooner, instead of creating a plan that won't ever be run.
However, such a change seems too far-reaching to be back-patched.

Back-patch to all supported versions. In v13, there is the added
complication that UPDATEs and DELETEs on inherited target tables are
planned using inheritance_planner(), which plans each inheritance
child table separately, so that the selectivity estimation functions
do not know that they are dealing with a child table accessed via its
parent. Handle that by checking access permissions on the top parent
table at planner-startup, in the same way as we do for views. Any
securityQuals on the top parent table are moved down to the child
tables by inheritance_planner(), so they continue to be checked by the
selectivity estimation functions.

Author: Dean Rasheed <dean.a.rasheed@gmail.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Reviewed-by: Noah Misch <noah@leadboat.com>
Backpatch-through: 13
Security: CVE-2025-8713
2025-08-11 09:10:17 +01:00
config Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:41 -04:00
contrib Fix incorrect lack of Datum conversion in _int_matchsel() 2025-08-08 12:10:52 +02:00
doc Release notes for 17.6, 16.10, 15.14, 14.19, 13.22. 2025-08-10 16:31:53 -04:00
src Fix security checks in selectivity estimation functions. 2025-08-11 09:10:17 +01:00
.cirrus.star ci: Prepare to make compute resources for CI configurable 2023-08-23 15:15:28 -07:00
.cirrus.tasks.yml Update ICU C++ API symbols 2025-08-07 17:14:39 +07:00
.cirrus.yml ci: Make compute resources for CI configurable 2023-08-23 15:15:28 -07:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add .editorconfig 2019-12-18 09:13:13 +01:00
.git-blame-ignore-revs Add b334612b8 to .git-blame-ignore-revs. 2023-06-20 09:52:52 -04:00
.gitattributes Exclude LLVM files from whitespace checks 2024-11-27 11:09:38 +01:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Fix ./configure checks with __cpuidex() and __cpuid() 2025-07-30 11:55:49 +09:00
configure.ac Fix ./configure checks with __cpuidex() and __cpuid() 2025-07-30 11:55:49 +09:00
COPYRIGHT Align organization wording in copyright statement 2025-05-16 11:20:07 -04:00
GNUmakefile.in Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Dynamically find correct installation docs in Makefile. 2022-01-19 14:48:25 +01:00
meson.build meson: Fix meson warning 2025-06-22 14:15:40 +02:00
meson_options.txt meson: Attach colon to keyword argument 2023-06-29 12:53:41 +02:00
README Canonicalize some URLs 2020-02-10 20:47:50 +01:00
README.git Canonicalize some URLs 2020-02-10 20:47:50 +01:00

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	https://www.postgresql.org/download/

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
https://www.postgresql.org/download/.  For more information look at our
web site located at https://www.postgresql.org/.