pgsql: Make currtid() functions require SELECT privileges on the target

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Make currtid() functions require SELECT privileges on the target
Date: 2007-08-27 00:57:36
Message-ID: 20070827005736.B056E7541FB@cvs.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Log Message:
-----------
Make currtid() functions require SELECT privileges on the target table.
While it's not clear that TID linkage info is of any great use to a
nefarious user, it's certainly unexpected that these functions wouldn't
insist on read privileges.

Modified Files:
--------------
pgsql/src/backend/utils/adt:
tid.c (r1.57 -> r1.58)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/tid.c?r1=1.57&r2=1.58)

Browse pgsql-committers by date

  From Date Subject
Next Message Tom Lane 2007-08-27 01:19:14 pgsql: Restrict pg_relation_size to relation owner, pg_database_size to
Previous Message Tom Lane 2007-08-27 00:13:51 pgsql: Restrict pgrowlocks function to superusers.