Ensure cached plans are correctly marked as dependent on role.
authorNathan Bossart <[email protected]>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
committerNathan Bossart <[email protected]>
Mon, 11 Nov 2024 15:00:00 +0000 (09:00 -0600)
commit448525e8a44080b6048e24f6942284b7eeae1a5c
treebdf92e4b8a5d53da9f26cd35818df04ef65555ea
parent2ab12d860e51e468703a2777b3759b7a61639df2
Ensure cached plans are correctly marked as dependent on role.

If a CTE, subquery, sublink, security invoker view, or coercion
projection references a table with row-level security policies, we
neglected to mark the plan as potentially dependent on which role
is executing it.  This could lead to later executions in the same
session returning or hiding rows that should have been hidden or
returned instead.

Reported-by: Wolfgang Walther
Reviewed-by: Noah Misch
Security: CVE-2024-10976
Backpatch-through: 12
src/backend/rewrite/rewriteHandler.c
src/test/regress/expected/rowsecurity.out
src/test/regress/sql/rowsecurity.sql
src/tools/pgindent/typedefs.list