From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-hackers(at)postgreSQL(dot)org |
Subject: | Re: [COMMITTERS] pgsql: Fix column-privilege leak in error-message paths |
Date: | 2015-01-30 03:37:27 |
Message-ID: | 20150130033727.GC3854@tamriel.snowman.net |
Lists: | pgsql-committers pgsql-hackers |
Tom,

* Tom Lane (tgl(at)sss(dot)pgh(dot)pa(dot)us) wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > Fix column-privilege leak in error-message paths
[...]
> The cause of that is the logic added to BuildIndexValueDescription, which
> ignores the possibility that some of the index columns are expressions
> (which will have a zero in indkey[]).
>
> I'm not sure that it's worth trying to drill down and determine exactly
> which column(s) are referenced by an expression. I'd be content if we
> just decided that any index expression is off-limits to someone without
> full SELECT access, which could be achieved with something like

Commit pushed with this approach.

> (though a comment about it wouldn't be a bad thing either)

and a comment added explaining it.

Thanks again for pointing it out and please let me know if you see any
further issues.

Stephen