From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? |
Date: | 2018-07-14 11:14:21 |
Message-ID: | 3ad75dc5-4ae7-087a-f2f8-b3bd92a8b2b0@2ndquadrant.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 12.07.18 00:52, Tom Lane wrote:
>> Another question that could be raised is why we are refusing to use
>> stats for a child table when the caller has select on the parent.
>> It's completely trivial to extract data from a child table if you
>> have select on the parent, so it seems like we are checking the
>> wrong table's privileges.
That seems like an oversight.
The underlying principle is that we want to allow access to statistics
if the user could read the table, or more accurately the column, anyway.
This could also happen through inheritance, so we should check that as
well, but we need to make sure that the particular column is inherited
and not added locally. Also, for the expression index case, we don't
track the individual columns, so we don't have that information. For
partitioning, we can rely on all the columns being inherited, but not
for plain inheritance. So there are some details to work through, it seems.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
From | Date | Subject | |
---|---|---|---|
Next Message | Peter Eisentraut | 2018-07-14 11:15:46 | Re: Segfault logical replication PG 10.4 |
Previous Message | Peter Eisentraut | 2018-07-14 10:57:16 | Re: make installcheck-world in a clean environment |