* Robert Haas (robertmh...@gmail.com) wrote:
> On Thu, Nov 27, 2014 at 2:03 AM, Stephen Frost <sfr...@snowman.net> wrote:
> > Alright, I've done the change to use the RangeVar from CopyStmt, but
> > also added a check wherein we verify that the relation's OID returned
> > from the planned query is the same as the relation's OID that we did the
> > RLS check on- if they're different, we throw an error. Please let me
> > know if there are any remaining concerns.
>
> That's clearly an improvement, but I'm not sure it's water-tight.
> What if the name that originally referenced a table ended up
> referencing a view? Then you could get
> list_length(plan->relationOids) != 1.

I'll test it out and see what happens. Certainly a good question and if
there's an issue there then I'll get it addressed.

> (And, in that case, I also wonder if you could get
> eval_const_expressions() to do evil things on your behalf while
> planning.)

If it can be made to reference a view then there's an issue as the view
might include a function call itself which is provided by the attacker..
I'm not sure that we have to really worry about anything more
complicated than that. Clearly, if we found a relation originally then
we need that same relation with the same OID after the conversion to a
query.

Thanks,

Stephen