BUG #18496: Strange Handling for Circular Views and Permissions in PostgreSQL

Поиск
Список
Период
Сортировка
От PG Bug reporting form
Тема BUG #18496: Strange Handling for Circular Views and Permissions in PostgreSQL
Дата
Msg-id 18496-62ecca730bfdfceb@postgresql.org
обсуждение исходный текст
Ответы Re: BUG #18496: Strange Handling for Circular Views and Permissions in PostgreSQL
Список pgsql-bugs
Дерево обсуждения 
The following bug has been logged on the website:

Bug reference:      18496
Logged by:          Jingzhou Fu
Email address:      fuboat@outlook.com
PostgreSQL version: 17beta1
Operating system:   Ubuntu 20.04, docker image postgres:17beta1
Description:

When a user without SELECT permissions tries to perform a select operation
on a circular view, PostgreSQL will report an error saying "infinite
recursion detected in rules for relation v2" instead of "permission denied
for view v2". Is this a bug or an unexpected behavior? The statements to
reproduce are:


-- connect with the superuser 'postgres'
CREATE VIEW v2 as SELECT 1;
CREATE VIEW v1 as SELECT * FROM v2;
CREATE OR REPLACE VIEW v2 AS SELECT * FROM v1;
SELECT * FROM v2;
CREATE USER user_name WITH PASSWORD 'password';
SET SESSION AUTHORIZATION user_name;
SELECT * FROM v2;
-- Output: ERROR:  infinite recursion detected in rules for relation "v2"
-- Maybe Expected? ERROR:  permission denied for view v2


Regardless, a circular view is an invalid view and should not appear in
normal scenarios, so reporting this error message does not have any negative
impact. However, should this error take precedence over the SELECT
permission error, and could some important error messages potentially be
leaked in this way to users without permissions?

Here is the full result on PostgreSQL 17beta1:


postgres=# create view v2 as select 1;
postgres=# create view v1 as select * from v2;
postgres=# CREATE OR REPLACE VIEW v2 AS select * from v1;
postgres=# select * from v2;
ERROR:  infinite recursion detected in rules for relation "v2"
postgres=# CREATE USER user_name WITH PASSWORD 'password';
postgres=# SET SESSION AUTHORIZATION user_name;
postgres=> select * from v2;
ERROR:  infinite recursion detected in rules for relation "v2"
postgres=> select * from v1;
ERROR:  infinite recursion detected in rules for relation "v1"
postgres=> SET SESSION AUTHORIZATION postgres;
postgres=# create or replace view v2 as select 1;
postgres=# SET SESSION AUTHORIZATION user_name;
postgres=> select * from v1;
ERROR:  permission denied for view v1
postgres=> select * from v2;
ERROR:  permission denied for view v2


Thank you!

Best wishes,
Jingzhou Fu

В списке pgsql-bugs по дате отправления:

Предыдущее
От: Bertrand Drouvot
Дата:
Сообщение: Re: error "can only drop stats once" brings down database
Следующее
От: Baran Kurtboğan
Дата:
Сообщение: Re: BUG #18494: hstore data type not recognized by Npgsql in PostgreSQL 16.3