authorTom Lane <tgl@sss.pgh.pa.us>2021-06-03 14:54:06 -0400
committerTom Lane <tgl@sss.pgh.pa.us>2021-06-03 14:54:06 -0400
commit3590680b85a8e51ef8df550e5a10dedd0d2dfd88 (patch)
treed6e08b21c4ccb1ad59b7868f6b97ee38971a6e01
parent187682c3217375c9b70417bf3235790f639e8e7e (diff)
downloadpostgresql-3590680b85a8e51ef8df550e5a10dedd0d2dfd88.tar.gz
postgresql-3590680b85a8e51ef8df550e5a10dedd0d2dfd88.zip
Fix incorrect permissions on pg_subscription.
The documented intent is for all columns except subconninfo to be publicly readable. However, this has been overlooked twice. subsynccommit has never been readable since it was introduced, nor has the oid column (which is important for joining). Given the lack of previous complaints, it's not clear that it's worth doing anything about this in the back branches. But there's still time to fix it inexpensively for v14. Per report from Israel Barth (via Euler Taveira). Patch by Euler Taveira, possibly-vain comment updates by me. Discussion: https://postgr.es/m/b8f7c17c-0041-46b6-acfe-2d1f5a985ab4@www.fastmail.com
-rw-r--r--src/backend/catalog/system_views.sql5
-rw-r--r--src/include/catalog/catversion.h2
-rw-r--r--src/include/catalog/pg_subscription.h5
3 files changed, 8 insertions, 4 deletions
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index 5c84d758bb6..999d9840683 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -1252,7 +1252,8 @@ CREATE VIEW pg_replication_origin_status AS
REVOKE ALL ON pg_replication_origin_status FROM public;
--- All columns of pg_subscription except subconninfo are readable.
+-- All columns of pg_subscription except subconninfo are publicly readable.
REVOKE ALL ON pg_subscription FROM public;
-GRANT SELECT (subdbid, subname, subowner, subenabled, subbinary, substream, subslotname, subpublications)
+GRANT SELECT (oid, subdbid, subname, subowner, subenabled, subbinary,
+ substream, subslotname, subsynccommit, subpublications)
ON pg_subscription TO public;
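Review bot: Nothing in this change checks the column list in `GRANT SELECT (...)` against the catalog's actual columns, so the next column added to pg_subscription can be missed just as oid and subsynccommit were. The allowlist fails closed, which is the safe direction for subconninfo, but the drift is only found when a user reports it. A regression query would pin the intent in both directions: `SELECT attname FROM pg_attribute WHERE attrelid = 'pg_subscription'::regclass AND attnum > 0 AND NOT attisdropped AND NOT has_column_privilege('public'::name, attrelid, attname::text, 'SELECT');` with `subconninfo` as the only expected row.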
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index 1fa30abb298..7b8084e2451 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
*/
/* yyyymmddN */
-#define CATALOG_VERSION_NO 202105272
+#define CATALOG_VERSION_NO 202106031
#endif
diff --git a/src/include/catalog/pg_subscription.h b/src/include/catalog/pg_subscription.h
index a5d6efdf205..0060ebfb409 100644
--- a/src/include/catalog/pg_subscription.h
+++ b/src/include/catalog/pg_subscription.h
@@ -34,7 +34,10 @@
* them to be able to start the workers, so we have to put them in a shared,
* nailed catalog.
*
- * NOTE: When adding a column, also update system_views.sql.
+ * CAUTION: There is a GRANT in system_views.sql to grant public select
+ * access on all columns except subconninfo. When you add a new column
+ * here, be sure to update that (or, if the new column is not to be publicly
+ * readable, update associated comments and catalogs.sgml instead).
*/
CATALOG(pg_subscription,6100,SubscriptionRelationId) BKI_SHARED_RELATION BKI_ROWTYPE_OID(6101,SubscriptionRelation_Rowtype_Id) BKI_SCHEMA_MACRO
{
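Review bot: The new CAUTION text tells a maintainer which files to touch but gives no criterion for deciding whether a new column belongs in the public grant. subconninfo is withheld because the connection string can carry a password, and stating that supplies the criterion. I would add a sentence such as `* subconninfo is not publicly readable because it may contain a password; treat any new column holding credentials or connection secrets the same way.` The comment block begins above this hunk and the CATALOG body continues below it.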