| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Dilip Kumar <dilipbalaut(at)gmail(dot)com> |
| Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Side effect of CVE-2017-7484 fix? |
| Date: | 2018-10-22 13:46:44 |
| Message-ID: | 82920.1540216004@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Dilip Kumar <dilipbalaut(at)gmail(dot)com> writes:
> As part of the security fix
> (e2d4ef8de869c57e3bf270a30c12d48c2ce4e00c), we have restricted the
> users from accessing the statistics of the table if the user doesn't
> have privileges on the table and the function is not leakproof. Now,
> as a side effect of this, if the user has the privileges on the root
> partitioned table but does not have privilege on the child tables, the
> user will be able to access the data of the child table but it won't
> be able to access the statistics of the child table. This may result
> in a bad plan.
This was complained of already,
https://www.postgresql.org/message-id/flat/3876.1531261875%40sss.pgh.pa.us
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Bug reporting form | 2018-10-22 14:00:50 | BUG #15449: file_fdw using program cause exit code error when using LIMIT |
| Previous Message | PG Bug reporting form | 2018-10-22 12:34:14 | BUG #15448: server process (PID 22656) was terminated by exception 0xC0000005 |