| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> |
| Cc: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Re: Insufficient attention to security in contrib (mostly) |
| Date: | 2007-08-28 23:13:59 |
| Message-ID: | 15199.1188342839@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Heikki Linnakangas" <heikki(at)enterprisedb(dot)com> writes:
> Tom Lane wrote:
>> btreefuncs.c is a security hole a mile wide: it will happily dump the
>> entire data content of an index for you. It's a good thing this hasn't
>> shipped in any release yet. While we could possibly make it look up
>> the index's parent table and check if you have SELECT privilege on
>> that, it'd be easier just to make the functions demand superuser
>> privilege, which is what the rest of the functions in this contrib
>> module require. Comments?
> Oh dear. Those functions were actually just moved from pgstattuple, and
> has been there since 8.2. Better backpatch that to the pgstattuple
> functions in 8.2.
Done, thanks for the heads-up.
> I doubt there's any tools out there using those functions, so
> restricting them to superuser only is probably ok.
If anyone complains, we could probably knock them down to SELECT
privilege, but finding the parent table to apply the select priv check
to seems a bit of a pain for the index cases. So I won't bother unless
someone does complain.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Albert Cervera i Areny | 2007-08-28 23:57:07 | Contrib modules documentation online |
| Previous Message | Tom Lane | 2007-08-28 22:38:16 | Re: Insufficient attention to security in contrib (mostly) |