postgresql/doc/src/sgml
Joe Conway 7b4bfc87d5 Plug RLS related information leak in pg_stats view.
The pg_stats view is supposed to be restricted to only show rows
about tables the user can read. However, it sometimes can leak
information which could not otherwise be seen when row level security
is enabled. Fix that by not showing pg_stats rows to users that would
be subject to RLS on the table the row is related to. This is done
by creating/using the newly introduced SQL visible function,
row_security_active().

Along the way, clean up three call sites of check_enable_rls(). The second
argument of that function should only be specified as other than
InvalidOid when we are checking as a different user than the current one,
as in when querying through a view. These sites were passing GetUserId()
instead of InvalidOid, which can cause the function to return incorrect
results if the current user has the BYPASSRLS privilege and row_security
has been set to OFF.

Additionally fix a bug causing RI Trigger error messages to unintentionally
leak information when RLS is enabled, and other minor cleanup and
improvements. Also add WITH (security_barrier) to the definition of pg_stats.

Bumped CATVERSION due to new SQL functions and pg_stats view definition.

Back-patch to 9.5 where RLS was introduced. Reported by Yaroslav.
Patch by Joe Conway and Dean Rasheed with review and input by
Michael Paquier and Stephen Frost.
2015-07-28 13:21:22 -07:00
ref Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
.gitignore
acronyms.sgml
adminpack.sgml
advanced.sgml
arch-dev.sgml
array.sgml Improve documentation about array concat operator vs. underlying functions. 2015-07-09 18:50:31 -04:00
auth-delay.sgml doc: Fix DocBook XML validity 2014-05-06 21:28:58 -04:00
auto-explain.sgml Fix failure of contrib/auto_explain to print per-node timing information. 2014-09-19 13:19:27 -04:00
backup.sgml Fix typos 2015-06-08 15:37:42 -03:00
bgworker.sgml Add new function BackgroundWorkerInitializeConnectionByOid. 2015-02-02 16:23:59 -05:00
biblio.sgml
bki.sgml Allow forcing nullness of columns during bootstrap. 2015-02-21 22:31:54 +01:00
brin.sgml Improve BRIN documentation somewhat 2015-07-20 12:16:40 +02:00
btree-gin.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
btree-gist.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
catalogs.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
charset.sgml Docs: fix erroneous claim about max byte length of GB18030. 2015-05-14 14:59:00 -04:00
chkpass.sgml
citext.sgml citext's regexp_matches() functions weren't documented, either. 2015-05-05 16:11:01 -04:00
client-auth.sgml Fix docs typo 2015-05-16 13:28:26 -04:00
config.sgml Remove ssl renegotiation support. 2015-07-28 22:06:31 +02:00
contacts.sgml
contrib-spi.sgml
contrib.sgml Remove *pgaudit* references also. 2015-05-28 13:02:09 -04:00
cube.sgml
custom-scan.sgml Improve handling of CustomPath/CustomPlan(State) children. 2015-06-26 09:40:47 -04:00
datatype.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
datetime.sgml Support timezone abbreviations that sometimes change. 2014-10-16 15:22:10 -04:00
dblink.sgml
ddl.sgml Fix misspellings 2015-04-24 12:00:49 -04:00
dfunc.sgml doc: Reflect renaming of Mac OS X to OS X 2014-09-09 13:56:29 -04:00
dict-int.sgml
dict-xsyn.sgml
diskusage.sgml
dml.sgml
docguide.sgml doc: Check DocBook XML validity during the build 2014-10-21 14:46:38 -04:00
earthdistance.sgml
ecpg.sgml Fixed array handling in ecpg. 2015-02-10 12:04:10 +01:00
errcodes.sgml
event-trigger.sgml Mention table_rewrite as valid event trigger tag 2015-07-15 17:10:54 +03:00
extend.sgml Fix pg_dump handling of extension config tables 2015-03-02 14:12:21 -05:00
external-projects.sgml
fdwhandler.sgml Add support for doing late row locking in FDWs. 2015-05-12 14:10:17 -04:00
features.sgml
file-fdw.sgml
filelist.sgml First draft of 9.5 release notes 2015-06-11 00:09:32 -04:00
fixrtf
func.sgml Plug RLS related information leak in pg_stats view. 2015-07-28 13:21:22 -07:00
fuzzystrmatch.sgml
generate-errcodes-table.pl Update copyright for 2015 2015-01-06 11:43:47 -05:00
geqo.sgml
gin.sgml Rename pending_list_cleanup_size to gin_pending_list_limit. 2014-11-13 12:14:48 +09:00
gist.sgml Remove no-longer-required function declarations. 2015-05-24 12:20:23 -04:00
high-availability.sgml Put back stats-collector restarting code, removed accidentally. 2015-05-18 10:20:30 +03:00
history.sgml
hstore.sgml Add transforms feature 2015-04-26 10:33:14 -04:00
indexam.sgml Add support for index-only scans in GiST. 2015-03-26 19:12:00 +02:00
indices.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
info.sgml
information_schema.sgml Add transforms feature 2015-04-26 10:33:14 -04:00
install-windows.sgml Add new target modulescheck in vcregress.pl 2015-04-16 23:39:52 -03:00
installation.sgml doc: Update installation instructions for new shared libperl/libpython handling 2015-05-05 14:41:39 -04:00
intagg.sgml
intarray.sgml
intro.sgml
isn.sgml Update URL reference material in /contrib/isn docs 2014-09-03 17:22:20 -04:00
jadetex.cfg
json.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
keywords.sgml Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. 2015-05-08 05:43:10 +02:00
legal.sgml Update copyright for 2015 2015-01-06 11:43:47 -05:00
libpq.sgml Fix another broken link in documentation. 2015-07-09 16:03:06 +03:00
lo.sgml
lobj.sgml Update copyright for 2015 2015-01-06 11:43:47 -05:00
logicaldecoding.sgml Fix typos in comments 2015-05-17 14:58:04 +02:00
ltree.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
maintenance.sgml Increase threshold for multixact member emergency autovac to 50%. 2015-05-11 12:15:50 -04:00
Makefile doc: Call xmllint for validity also in the fop build 2015-06-10 19:54:28 -04:00
manage-ag.sgml
mk_feature_tables.pl
monitoring.sgml Add system view pg_stat_ssl 2015-04-12 19:07:46 +02:00
mvcc.sgml docs: add "serialization anomaly" to transaction isolation table 2015-05-11 12:02:10 -04:00
nls.sgml
notation.sgml
oid2name.sgml
pageinspect.sgml Improve documentation of bt_page_items(). 2015-03-12 14:18:26 -04:00
passwordcheck.sgml
perform.sgml Allow foreign tables to participate in inheritance. 2015-03-22 13:53:21 -04:00
pgbuffercache.sgml Add pinning_backends column to the pg_buffercache extension. 2014-08-22 00:28:37 +02:00
pgcrypto.sgml pgcrypto: Report errant decryption as "Wrong key or corrupt data". 2015-05-18 10:02:31 -04:00
pgfreespacemap.sgml doc: Fix DocBook XML validity 2014-05-06 21:28:58 -04:00
pgprewarm.sgml Fix whitespace 2014-07-08 23:29:25 -04:00
pgrowlocks.sgml
pgstandby.sgml
pgstatstatements.sgml doc: adjust ordering of pg_stat_statement paragraphs 2015-05-09 14:11:31 -04:00
pgstattuple.sgml Correct the names of pgstattuple_approx output columns in the doc. 2015-05-21 20:51:52 +09:00
pgtrgm.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
planstats.sgml
plhandler.sgml
plperl.sgml doc: Fix DocBook XML validity 2014-05-06 21:28:58 -04:00
plpgsql.sgml Add support for INSERT ... ON CONFLICT DO NOTHING/UPDATE. 2015-05-08 05:43:10 +02:00
plpython.sgml PL/Python: Fix example 2014-11-01 11:31:35 -04:00
pltcl.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
postgres-fdw.sgml Explain CHECK constraint handling in postgres_fdw's IMPORT FOREIGN SCHEMA. 2015-05-25 14:13:02 -04:00
postgres.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
problems.sgml
protocol.sgml Code + docs review for escaping of option values (commit 11a020eb6). 2015-06-29 12:42:52 -04:00
queries.sgml Support GROUPING SETS, CUBE and ROLLUP. 2015-05-16 03:46:31 +02:00
query.sgml
rangetypes.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
README.links
recovery-config.sgml Remove docs missed in 51c11a7025. 2015-03-17 23:25:52 +01:00
reference.sgml Add transforms feature 2015-04-26 10:33:14 -04:00
regress.sgml Lock down regression testing temporary clusters on Windows. 2014-12-17 22:48:40 -05:00
release-7.4.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
release-8.0.sgml
release-8.1.sgml
release-8.2.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
release-8.3.sgml Fix recovery_command -> restore_command typo in 8.3 release notes. 2015-02-24 14:41:54 +02:00
release-8.4.sgml Release notes for 9.3.5, 9.2.9, 9.1.14, 9.0.18, 8.4.22. 2014-07-21 14:59:17 -04:00
release-9.0.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.1.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.2.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.3.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.4.sgml Release notes for 9.4.4, 9.3.9, 9.2.13, 9.1.18, 9.0.22. 2015-06-09 14:33:43 -04:00
release-9.5.sgml Release note compatibility item 2015-07-17 21:14:14 -04:00
release-old.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
release.sgml First draft of 9.5 release notes 2015-06-11 00:09:32 -04:00
replication-origins.sgml Honor traditional SGML NAMELEN limit. 2015-05-14 22:34:28 -04:00
rowtypes.sgml
rules.sgml Improve qual pushdown for RLS and SB views 2015-04-27 12:29:42 -04:00
runtime.sgml Fix broken link in documentation. 2015-06-30 18:47:32 -04:00
seg.sgml
sepgsql.sgml doc: Fix DocBook XML validity 2014-05-06 21:28:58 -04:00
sourcerepo.sgml
sources.sgml
spgist.sgml
spi.sgml doc: Spell checking 2014-07-16 22:48:11 -04:00
sql.sgml Implement SKIP LOCKED for row-level locks 2014-10-07 17:23:34 -03:00
sslinfo.sgml doc: Fix DocBook XML validity 2014-05-06 21:28:58 -04:00
standalone-install.sgml
start.sgml
storage.sgml Support "expanded" objects, particularly arrays, for better performance. 2015-05-14 12:08:49 -04:00
stylesheet-common.xsl
stylesheet-fo.xsl doc: Fix PDF build with FOP 2015-06-03 20:19:47 -04:00
stylesheet-hh.xsl
stylesheet-man.xsl doc: Work around stylesheet bug for man build 2014-08-17 09:10:28 -04:00
stylesheet.css
stylesheet.dsl doc: Move website-stylesheet setting to a more appropriate location 2014-12-11 21:48:01 -05:00
stylesheet.xsl
syntax.sgml Fix incorrect markup in documentation of window frame clauses. 2015-03-31 20:02:40 -04:00
tablefunc.sgml
tablesample-method.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
tcn.sgml
test-decoding.sgml doc: Fix spacing in verbatim environments 2014-07-08 11:39:36 -04:00
textsearch.sgml docs: consistently uppercase index method and add spacing 2015-05-15 11:42:34 -04:00
trigger.sgml Remove no-longer-required function declarations. 2015-05-24 12:20:23 -04:00
tsearch2.sgml
tsm-system-rows.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
tsm-system-time.sgml Redesign tablesample method API, and do extensive code review. 2015-07-25 14:39:00 -04:00
typeconv.sgml Use standard casting mechanism to convert types in plpgsql, when possible. 2015-03-04 11:04:30 -05:00
unaccent.sgml Allow multi-character source strings in contrib/unaccent. 2014-06-30 21:46:29 -04:00
user-manag.sgml
uuid-ossp.sgml doc: Reflect renaming of Mac OS X to OS X 2014-09-09 13:56:29 -04:00
vacuumlo.sgml
wal.sgml Also trigger restartpoints based on max_wal_size on standby. 2015-06-29 00:09:10 +03:00
xaggr.sgml Support arrays as input to array_agg() and ARRAY(SELECT ...). 2014-11-25 12:21:28 -05:00
xfunc.sgml doc: list bigint as mapping to int8 and int64 2015-05-14 17:37:59 -04:00
xindex.sgml doc: Spell checking 2014-07-16 22:48:11 -04:00
xml2.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
xoper.sgml doc: Various typo/grammar fixes 2014-08-30 10:52:36 -05:00
xplang.sgml
xtypes.sgml Support "expanded" objects, particularly arrays, for better performance. 2015-05-14 12:08:49 -04:00

<!-- doc/src/sgml/README.links -->

Linking within SGML documents can be confusing, so here is a summary:


Intra-document Linking
----------------------

<xref>
	use to get chapter/section number from the title of the target
	link, or xreflabel if defined at the target, or refentrytitle if target
	is a refentry;  has no close tag
	http://www.oasis-open.org/docbook/documentation/reference/html/xref.html

<link>
	use to supply text for the link, requires </link>
	http://www.oasis-open.org/docbook/documentation/reference/html/link.html

linkend=
	controls the target of the link/xref, required

endterm=
	for <xref>, allows the text of the link/xref to be taken from a
	different link target title


External Linking
----------------

<ulink>
	like <link>, but uses a URL (not a document target);  requires
	</ulink>; if no text is specified, the URL appears as the link
	text
	http://www.oasis-open.org/docbook/documentation/reference/html/ulink.html

url=
	used by <ulink> to specify the URL, required


Guidelines
----------

o  If you want to supply text, use <link>, else <xref>
o  Do not use text with <ulink> so the URL appears in printed output
o  Specific nouns like GUC variables, SQL commands, and contrib modules
   usually have xreflabels