Skip to content

Commit 0d9f307

Browse files
MasaoFujiiMasaoFujii
committed
Revert commit de01777.
This commit reverts the fix "Make inherited TRUNCATE perform access permission checks on parent table only" only in the back branches. It's not hard to imagine that there are some applications expecting the old behavior and the fix breaks their security. To avoid this compatibility problem, we decided to apply the fix only in HEAD and revert it in all supported back branches. Discussion: https://postgr.es/m/21015.1580400165@sss.pgh.pa.us
1 parent 24dd34a commit 0d9f307

File tree

3 files changed

+7
-60
lines changed

3 files changed

+7
-60
lines changed

src/backend/commands/tablecmds.c

Lines changed: 7 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -302,7 +302,6 @@ struct DropRelationCallbackState
302302
((child_is_partition) ? DEPENDENCY_AUTO : DEPENDENCY_NORMAL)
303303

304304
static void truncate_check_rel(Oid relid, Form_pg_class reltuple);
305-
static void truncate_check_perms(Oid relid, Form_pg_class reltuple);
306305
static void truncate_check_activity(Relation rel);
307306
static void RangeVarCallbackForTruncate(const RangeVar *relation,
308307
Oid relId, Oid oldRelId, void *arg);
@@ -1591,12 +1590,6 @@ ExecuteTruncate(TruncateStmt *stmt)
15911590
continue;
15921591
}
15931592

1594-
/*
1595-
* Inherited TRUNCATE commands perform access
1596-
* permission checks on the parent table only.
1597-
* So we skip checking the children's permissions
1598-
* and don't call truncate_check_perms() here.
1599-
*/
16001593
truncate_check_rel(RelationGetRelid(rel), rel->rd_rel);
16011594
truncate_check_activity(rel);
16021595

@@ -1683,7 +1676,6 @@ ExecuteTruncateGuts(List *explicit_rels, List *relids, List *relids_logged,
16831676
(errmsg("truncate cascades to table \"%s\"",
16841677
RelationGetRelationName(rel))));
16851678
truncate_check_rel(relid, rel->rd_rel);
1686-
truncate_check_perms(relid, rel->rd_rel);
16871679
truncate_check_activity(rel);
16881680
rels = lappend(rels, rel);
16891681
relids = lappend_oid(relids, relid);
@@ -1934,6 +1926,7 @@ ExecuteTruncateGuts(List *explicit_rels, List *relids, List *relids_logged,
19341926
static void
19351927
truncate_check_rel(Oid relid, Form_pg_class reltuple)
19361928
{
1929+
AclResult aclresult;
19371930
char *relname = NameStr(reltuple->relname);
19381931

19391932
/*
@@ -1947,27 +1940,17 @@ truncate_check_rel(Oid relid, Form_pg_class reltuple)
19471940
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
19481941
errmsg("\"%s\" is not a table", relname)));
19491942

1950-
if (!allowSystemTableMods && IsSystemClass(relid, reltuple))
1951-
ereport(ERROR,
1952-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1953-
errmsg("permission denied: \"%s\" is a system catalog",
1954-
relname)));
1955-
}
1956-
1957-
/*
1958-
* Check that current user has the permission to truncate given relation.
1959-
*/
1960-
static void
1961-
truncate_check_perms(Oid relid, Form_pg_class reltuple)
1962-
{
1963-
char *relname = NameStr(reltuple->relname);
1964-
AclResult aclresult;
1965-
19661943
/* Permissions checks */
19671944
aclresult = pg_class_aclcheck(relid, GetUserId(), ACL_TRUNCATE);
19681945
if (aclresult != ACLCHECK_OK)
19691946
aclcheck_error(aclresult, get_relkind_objtype(reltuple->relkind),
19701947
relname);
1948+
1949+
if (!allowSystemTableMods && IsSystemClass(relid, reltuple))
1950+
ereport(ERROR,
1951+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
1952+
errmsg("permission denied: \"%s\" is a system catalog",
1953+
relname)));
19711954
}
19721955

19731956
/*
@@ -14903,7 +14886,6 @@ RangeVarCallbackForTruncate(const RangeVar *relation,
1490314886
elog(ERROR, "cache lookup failed for relation %u", relId);
1490414887

1490514888
truncate_check_rel(relId, (Form_pg_class) GETSTRUCT(tuple));
14906-
truncate_check_perms(relId, (Form_pg_class) GETSTRUCT(tuple));
1490714889

1490814890
ReleaseSysCache(tuple);
1490914891
}

src/test/regress/expected/privileges.out

Lines changed: 0 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -695,27 +695,6 @@ SELECT tableoid FROM atestp2; -- ok
695695
----------
696696
(0 rows)
697697

698-
-- child's permissions do not apply when operating on parent
699-
SET SESSION AUTHORIZATION regress_priv_user1;
700-
REVOKE ALL ON atestc FROM regress_priv_user2;
701-
GRANT ALL ON atestp1 TO regress_priv_user2;
702-
SET SESSION AUTHORIZATION regress_priv_user2;
703-
SELECT f2 FROM atestp1; -- ok
704-
f2
705-
----
706-
(0 rows)
707-
708-
SELECT f2 FROM atestc; -- fail
709-
ERROR: permission denied for table atestc
710-
DELETE FROM atestp1; -- ok
711-
DELETE FROM atestc; -- fail
712-
ERROR: permission denied for table atestc
713-
UPDATE atestp1 SET f1 = 1; -- ok
714-
UPDATE atestc SET f1 = 1; -- fail
715-
ERROR: permission denied for table atestc
716-
TRUNCATE atestp1; -- ok
717-
TRUNCATE atestc; -- fail
718-
ERROR: permission denied for table atestc
719698
-- privileges on functions, languages
720699
-- switch to superuser
721700
\c -

src/test/regress/sql/privileges.sql

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -446,20 +446,6 @@ SELECT fy FROM atestp2; -- ok
446446
SELECT atestp2 FROM atestp2; -- ok
447447
SELECT tableoid FROM atestp2; -- ok
448448

449-
-- child's permissions do not apply when operating on parent
450-
SET SESSION AUTHORIZATION regress_priv_user1;
451-
REVOKE ALL ON atestc FROM regress_priv_user2;
452-
GRANT ALL ON atestp1 TO regress_priv_user2;
453-
SET SESSION AUTHORIZATION regress_priv_user2;
454-
SELECT f2 FROM atestp1; -- ok
455-
SELECT f2 FROM atestc; -- fail
456-
DELETE FROM atestp1; -- ok
457-
DELETE FROM atestc; -- fail
458-
UPDATE atestp1 SET f1 = 1; -- ok
459-
UPDATE atestc SET f1 = 1; -- fail
460-
TRUNCATE atestp1; -- ok
461-
TRUNCATE atestc; -- fail
462-
463449
-- privileges on functions, languages
464450

465451
-- switch to superuser

0 commit comments

Comments
 (0)