projects / users / rhaas / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a117ceb) | patch
In REFRESH MATERIALIZED VIEW, set user ID before running user code.
authorNoah Misch <noah@leadboat.com>
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
committerNoah Misch <noah@leadboat.com>
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
commit0abc1a059e27c5a71a1a186c97d9c0af407469cc
tree9aaf68f208afca144db2e45c6a8dbb9a26cdb2e4tree
parenta117cebd638dd02e5c2e791c25e43745f233111bcommit | diff
In REFRESH MATERIALIZED VIEW, set user ID before running user code.

It intended to, but did not, achieve this.  Adopt the new standard of
setting user ID just after locking the relation.  Back-patch to v10 (all
supported versions).

Reviewed by Simon Riggs.  Reported by Alvaro Herrera.

Security: CVE-2022-1552
src/backend/commands/matview.c diff | blob | blame | history
src/test/regress/expected/privileges.out diff | blob | blame | history
src/test/regress/sql/privileges.sql diff | blob | blame | history
Robert Haas's development tree.