| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Fix incorrect permissions on pg_subscription. |
| Date: | 2021-06-03 18:54:27 |
| Message-ID: | E1losU7-0001OJ-7s@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix incorrect permissions on pg_subscription.
The documented intent is for all columns except subconninfo to be
publicly readable. However, this has been overlooked twice.
subsynccommit has never been readable since it was introduced,
nor has the oid column (which is important for joining).
Given the lack of previous complaints, it's not clear that it's
worth doing anything about this in the back branches. But there's
still time to fix it inexpensively for v14.
Per report from Israel Barth (via Euler Taveira).
Patch by Euler Taveira, possibly-vain comment updates by me.
Discussion: https://postgr.es/m/b8f7c17c-0041-46b6-acfe-2d1f5a985ab4@www.fastmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/3590680b85a8e51ef8df550e5a10dedd0d2dfd88
Modified Files
--------------
src/backend/catalog/system_views.sql | 5 +++--
src/include/catalog/catversion.h | 2 +-
src/include/catalog/pg_subscription.h | 5 ++++-
3 files changed, 8 insertions(+), 4 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2021-06-03 20:15:11 | pgsql: In PostgresNode.pm, don't pass SQL to psql on the command line |
| Previous Message | Michael Paquier | 2021-06-03 06:31:04 | pgsql: Reduce risks of conflicts in internal queries of REFRESH MATVIEW |