Remove the SECURITY_ROW_LEVEL_DISABLED security context bit. This commit's parent made superfluous the bit's sole usage. Referential integrity checks have long run as the subject table's owner, and that now implies RLS bypass. Safe use of the bit was tricky, requiring strict control over the SQL expressions evaluating therein. Back-patch to 9.5, where the bit was introduced.
Based on a patch by Stephen Frost. Branch ------ REL9_5_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/bbdb9dfbc3c722b4c811c5cbfa03ce79b7b74824 Modified Files -------------- src/backend/utils/adt/ri_triggers.c | 17 +---------------- src/backend/utils/cache/plancache.c | 12 ++---------- src/backend/utils/init/miscinit.c | 14 +------------- src/backend/utils/misc/rls.c | 7 ------- src/include/miscadmin.h | 2 -- src/include/utils/plancache.h | 1 - 6 files changed, 4 insertions(+), 49 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
