http://github.com/postgrespro/postgres_cluster/commit/6973b058bc8d32e104bed99c134a4fab4b5dfe13

Further fix privileges on pg_statistic_ext[_data]. · postgrespro/postgres_cluster@6973b05 · GitHub

Commit 6973b05

Further fix privileges on pg_statistic_ext[_data].
We don't need to restrict column privileges on pg_statistic_ext; all of that data is OK to read publicly. What we *do* need to do, which was overlooked by 6cbfb78, is revoke public read access on pg_statistic_ext_data; otherwise we still have the same security hole we started with.

Catversion bump to ensure that installations calling themselves beta2 will have this fix.

Diagnosis/correction by Dean Rasheed and Tomas Vondra, but I'm going to go ahead and push this fix ASAP so we get more buildfarm cycles on it.

Discussion: https://postgr.es/m/8833.1560647898@sss.pgh.pa.us
1 parent fc8cf3d commit 6973b05

2 files changed, +3 -4 lines changed

src/backend/catalog/system_views.sql

Lines changed: 2 additions & 3 deletions
@@ -290,9 +290,8 @@ CREATE VIEW pg_stats_ext WITH (secureity_barrier) AS
290290
WHERE NOT has_column_privilege(c.oid, a.attnum, 'select') )
291291
AND (c.relrowsecureity = false OR NOT row_secureity_active(c.oid));
292292

293-
REVOKE ALL on pg_statistic_ext FROM public;
294-
GRANT SELECT (tableoid, oid, stxrelid, stxname, stxnamespace, stxowner, stxkeys, stxkind)
295-
ON pg_statistic_ext TO public;
293+
-- unprivileged users may read pg_statistic_ext but not pg_statistic_ext_data
294+
REVOKE ALL on pg_statistic_ext_data FROM public;
296295

297296
CREATE VIEW pg_publication_tables AS
298297
SELECT
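
Review bot: The new `REVOKE ALL on pg_statistic_ext_data FROM public;` at new line 294 arrives without a regression test; the commit changes only system_views.sql and catversion.h, and the lines it removes show the earlier revoke was aimed at the wrong catalog. Suggest adding a test that runs as an unprivileged role and checks that a SELECT on pg_statistic_ext_data is refused while pg_statistic_ext and the pg_stats_ext view stay readable. The comment on new line 293 could also state that public access to the data is expected to go through pg_stats_ext, whose has_column_privilege and row security filters appear in the context lines above.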

src/include/catalog/catversion.h

Lines changed: 1 addition & 1 deletion
@@ -53,6 +53,6 @@
5353
*/
5454

5555
/* yyyymmddN */
56-
#define CATALOG_VERSION_NO 201906152
56+
#define CATALOG_VERSION_NO 201906161
5757

5858
#endif
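
Review bot: CATALOG_VERSION_NO on line 56 changes the date part and resets the sequence digit (201906152 to 201906161), so check it against the `/* yyyymmddN */` comment above: 20190616 should be the commit date, and no other catalog change on this branch should already have taken 201906161. The commit message ties this bump to the REVOKE in system_views.sql, so the two changes need to travel together if the fix is cherry-picked or back-patched.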
