On Sun, Jan 3, 2016 at 7:01 PM, Peter Geoghegan <p...@heroku.com> wrote: > I would also advise only referencing a single relation within the > SELECT FOR UPDATE.
To state what may be obvious: We should recommend that SELECT FOR SHARE appear in the CREATE POLICY USING qual as part of this workaround (not SELECT FOR UPDATE), because there is no need for anything stronger than that. We only need to prevent the admin updating a referenced-in-using-qual tuple in a way that allows a malicious user to exploit an inconsistency in tuple visibility during EPQ rechec. (Using SELECT FOR KEY SHARE would not reliably workaround the underlying issue, though.) -- Peter Geoghegan -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
