Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Alvaro Herrera <alvherre@2ndquadrant.com>
From: Alvaro Herrera <alvherre@2ndquadrant.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2018-07-10T22:44:21Z
Lists: pgsql-hackers
On 2018-Jul-10, Tom Lane wrote: > I propose to run through the system operator classes, find any for which > the comparison function isn't marked leakproof but the operators are, > and fix them. This is clearly appropriate for HEAD and maybe it's not > too late to force an initdb for v11 --- thoughts? on initdb in v11, see https://postgr.es/m/CAKJS1f9cqoSKS9JVcBKGa2mdn-24YPWc9XLzFDNsmjJMUpth1w@mail.gmail.com -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
Commits
-
Allow access to child table statistics if user can read parent table.
- 553d2ec2710b 13.0 landed
- 21a4edd1281d 12.2 landed
- 1d9056f563f3 11.7 landed
-
Mark built-in btree comparison functions as leakproof where it's safe.
- 39a96512b3ed 12.0 landed