Skip site navigation (1) Skip section navigation (2)

Re: Nasty security bug with clustering

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au>
Cc: Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Nasty security bug with clustering
Date: 2004-04-28 13:09:01
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Christopher Kings-Lynne <chriskl(at)familyhealth(dot)com(dot)au> writes:
>> No check is performed for being a superuser, the table owner or that it 
>> is a system table when marking an index for clustering:

> I'm about to submit my SET WITHOUT CLUSTER patch, so I'll fix this bug 
> in that.

I'm in the middle of reviewing (read whacking around) Rod Taylor's patch
for multiple operations in ALTER TABLE, so I'm afraid that no patch in
the same area is likely to apply cleanly after the dust settles :-(

I had noted the lack of permissions checks in CLUSTER ON (it's fairly
glaring in the reorganized code) and planned to fix it along with what
I was doing.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Fabien COELHODate: 2004-04-28 13:21:00
Subject: pg ANY/SOME ambiguity wrt sql standard?
Previous:From: Jon JensenDate: 2004-04-28 12:45:06
Subject: Re: Usability, MySQL,, gborg, contrib,

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group