database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-07 19:06:32 +03:00
Code Activity

Remove the SECURITY_ROW_LEVEL_DISABLED security context bit.

Browse Source 
This commit's parent made superfluous the bit's sole usage.  Referential
integrity checks have long run as the subject table's owner, and that
now implies RLS bypass.  Safe use of the bit was tricky, requiring
strict control over the SQL expressions evaluating therein.  Back-patch
to 9.5, where the bit was introduced.

Based on a patch by Stephen Frost.
This commit is contained in:
Noah Misch
2015-09-20 20:47:17 -04:00
parent 537bd178c7
commit 7f11724bd6
6 changed files with 4 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/backend/utils/misc/rls.c
View File

@@ -63,13 +63,6 @@ check_enable_rls(Oid relid, Oid checkAsUser, bool noError)
if (relid < FirstNormalObjectId)
return RLS_NONE;
/*
* Check if we have been told to explicitly skip RLS (perhaps because this
* is a foreign key check)
*/
if (InRowLevelSecurityDisabled())
return RLS_NONE;
tuple = SearchSysCache1(RELOID, ObjectIdGetDatum(relid));
if (!HeapTupleIsValid(tuple))
return RLS_NONE;