> On Jun 30, 2026, at 16:00, Chao Li <[email protected]> wrote: > > > >> On Jun 30, 2026, at 15:51, Ayush Tiwari <[email protected]> wrote: >> >> Hi, >> >> On Tue, 30 Jun 2026 at 13:16, Chao Li <[email protected]> wrote: >> Hi, >> >> While revisiting “[8e72d914c] Add UPDATE/DELETE FOR PORTION OF”, I found a >> new issue where inserting leftover rows may skip row-level security checks. >> >> Please see if it is the same as this: PostgreSQL: Enforce INSERT RLS checks >> for FOR PORTION OF leftovers? >> >> If yes, it is already present in the PG 19 open list. >> >> Regards, >> Ayush > > Thanks for pointing that out. I didn’t notice that thread. > > Yes, that’s the same issue. I saw Paul wrote this there: > ``` > Skipping the RLS checks to insert the leftovers seems like the correct > behavior to me, since we are skipping the ACL checks (per the > standard). Shouldn't it be consistent? > I think the reason we skip the checks is that semantically, the > leftovers aren't changing anything: they are preserving the history > that is already there. > ``` > > That explains why the ACL checks are skipped as stated in the doc, but I > don’t think the same reasoning should apply to RLS checks. As I explained in > my patch email, for example, directly inserting [70,100) is blocked by policy > t_ins, but a user can work around that by inserting [1,100) and then updating > [30,70), which seems like a security hole. >
I just noticed that I forgot the attached again. Best regards, -- Chao Li (Evan) HighGo Software Co., Ltd. https://www.highgo.com/
v1-0001-Fix-RLS-checks-for-FOR-PORTION-OF-leftover-rows.patch
Description: Binary data
