Re: Fw: Isn't pg_statistic a security hole - Solution Proposal

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Joe Conway <joe(at)conway-family(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-patches(at)postgresql(dot)org
Subject: Re: Fw: Isn't pg_statistic a security hole - Solution Proposal
Date: 2001-06-09 22:15:54
Message-ID: 200106092215.f59MFsX05732@candle.pha.pa.us
Lists: pgsql-hackers pgsql-patches

Your patch has been added to the PostgreSQL unapplied patches list at:

http://candle.pha.pa.us/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

> Thanks for the detailed feedback, Tom. I really appreciate the pointers on
> my style and otherwise. Attached is my next attempt. To summarize the
> changes:
>
> - changed usesysid back to Oid. I noticed that the Acl functions all treated
> usesysid as an Oid anyway.
>
> - changed function names to has_user_privilege_name_name,
> has_user_privilege_name_id, etc
>
> - trimmed down test script, added variety (some privs granted, not all), and
> added bad input cases (this already paid off -- see below)
>
> - replaced
>     has_table_privilege(int usesysid, char *relname, char *priv_type)
> with
>     AclMode convert_priv_string (text * priv_type_text)
>
> - changed
>     if (result == 1) {
>         PG_RETURN_BOOL(FALSE);
>     . . .
> to
>     if (result == ACLCHECK_OK) {
>         PG_RETURN_BOOL(TRUE);
>     . . .
>
> - removed #define PRIV_INSERT "INSERT\0", etc from acl.h
>
> One item of note -- while pg_aclcheck *does* validate relname for
> non-superusers, it *does not* bother for superusers. Therefore I left the
> relname check in the has_table_privilege_*_name() functions. Also note that
> I skipped has_priv_r3.diff -- that one helped find the superuser/relname
> issue.
>
> I hope this version passes muster ;-)
>
> -- Joe
>

[ Attachment, skipping... ]

[ Attachment, skipping... ]

[ Attachment, skipping... ]

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
