Add permission check for MERGE/SPLIT partition operations

Currently, we check only owner permission for the parent table before MERGE/SPLIT partition operations. This leads to a security hole when users can get access to the data of partitions without permission. This commit fixes this problem by requiring owner permission on all the partitions involved. Reported-by: Alexander Lakhin Discussion: https://postgr.es/m/0520c72e-8d97-245e-53f9-173beca2ab2e%40gmail.com Author: Dmitry Koval, Alexander Korotkov
2025-08-18 12:22:09 +03:00 · 2024-05-13 00:00:21 +03:00
parent cff4e5a36b
commit 3ca43dbbb6
5 changed files with 129 additions and 0 deletions
--- a/src/backend/parser/parse_utilcmd.c
+++ b/src/backend/parser/parse_utilcmd.c
@@ -3456,6 +3456,11 @@ checkPartition(Relation rel, Oid partRelOid)
 						RelationGetRelationName(partRel),
 						RelationGetRelationName(rel))));

+	/* Permissions checks */
+	if (!object_ownercheck(RelationRelationId, RelationGetRelid(partRel), GetUserId()))
+		aclcheck_error(ACLCHECK_NOT_OWNER, get_relkind_objtype(partRel->rd_rel->relkind),
+					   RelationGetRelationName(partRel));
+
 	relation_close(partRel, AccessShareLock);
 }