From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Dean Rasheed <dean(dot)a(dot)rasheed(at)gmail(dot)com> |
Cc: | Andres Freund <andres(at)anarazel(dot)de>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Mario De Frutos Dieguez <mariodefrutos(at)gmail(dot)com>, pgsql-bugs(at)lists(dot)postgresql(dot)org |
Subject: | Re: Fwd: Problem with a "complex" upsert |
Date: | 2018-08-06 16:41:21 |
Message-ID: | 22577.1533573681@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-admin pgsql-bugs |
I wrote:
> Attached is our finished patch against HEAD. This is pretty much all
> Dean's work, but I'm posting it on his behalf because it's late in the UK
> and he's gone offline for the day. In the interests of getting a
> full set of buildfarm testing on the patch before Monday's wrap deadline,
> I'm going to finish up back-porting the patch and push it tonight.
Final(?) note on this thread --- the security team realized over the
weekend that this bug constitutes a security issue, because you can do
more than crash the server. We don't normally consider simple crashes
as being CVE-worthy problems, but in this case, there's potential for
datatype confusion, which can be leveraged to allow disclosure of server
memory (as we've seen in other bugs before). We also realized that it's
possible to update a column you supposedly don't have privilege to update,
as long as there's some other column you do.
We've retroactively obtained a CVE number and will be describing this as
a security problem in the release notes.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Mario de Frutos Dieguez | 2018-08-06 16:48:19 | Re: Fwd: Problem with a "complex" upsert |
Previous Message | Bear Giles | 2018-08-06 14:45:15 | Re: How to revoke privileged from PostgreSQL's superuser |
From | Date | Subject | |
---|---|---|---|
Next Message | Mario de Frutos Dieguez | 2018-08-06 16:48:19 | Re: Fwd: Problem with a "complex" upsert |
Previous Message | David G. Johnston | 2018-08-06 16:03:01 | Re: Docker image of 11~beta2-2 orders strings case-insensitively |