From a7107136445914dcfaee7fed4cf65314f73cc6b7 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 13 May 2009 22:32:55 +0000
Subject: [PATCH] Add checks to DefineQueryRewrite() to prohibit attaching
 rules to relations that aren't RELKIND_RELATION or RELKIND_VIEW, and to
 disallow attaching rules to system relations unless allowSystemTableMods is
 on.  This is to make the behavior of CREATE RULE more like CREATE TRIGGER,
 which disallows the comparable cases.  Per discussion of bug #4808.

---
 src/backend/rewrite/rewriteDefine.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/backend/rewrite/rewriteDefine.c b/src/backend/rewrite/rewriteDefine.c
index 03c5c5ae383..b1f8c6e3ff7 100644
--- a/src/backend/rewrite/rewriteDefine.c
+++ b/src/backend/rewrite/rewriteDefine.c
@@ -8,13 +8,14 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/rewrite/rewriteDefine.c,v 1.136 2009/01/27 12:40:15 petere Exp $
+ *	  $PostgreSQL: pgsql/src/backend/rewrite/rewriteDefine.c,v 1.137 2009/05/13 22:32:55 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
 #include "postgres.h"
 
 #include "access/heapam.h"
+#include "catalog/catalog.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/namespace.h"
@@ -242,6 +243,22 @@ DefineQueryRewrite(char *rulename,
 	 */
 	event_relation = heap_open(event_relid, AccessExclusiveLock);
 
+	/*
+	 * Verify relation is of a type that rules can sensibly be applied to.
+	 */
+	if (event_relation->rd_rel->relkind != RELKIND_RELATION &&
+		event_relation->rd_rel->relkind != RELKIND_VIEW)
+		ereport(ERROR,
+				(errcode(ERRCODE_WRONG_OBJECT_TYPE),
+				 errmsg("\"%s\" is not a table or view",
+						RelationGetRelationName(event_relation))));
+
+	if (!allowSystemTableMods && IsSystemRelation(event_relation))
+		ereport(ERROR,
+				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+				 errmsg("permission denied: \"%s\" is a system catalog",
+						RelationGetRelationName(event_relation))));
+
 	/*
 	 * Check user has permission to apply rules to this relation.
 	 */
-- 
GitLab