Re: Fwd: Problem with a "complex" upsert
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Dean Rasheed <dean.a.rasheed@gmail.com>
Cc: Andres Freund <andres@anarazel.de>,
Amit Langote <Langote_Amit_f8@lab.ntt.co.jp>,
Mario De Frutos Dieguez <mariodefrutos@gmail.com>,
pgsql-bugs@lists.postgresql.org
Date: 2018-08-06T16:41:21Z
Lists: pgsql-bugs
I wrote: > Attached is our finished patch against HEAD. This is pretty much all > Dean's work, but I'm posting it on his behalf because it's late in the UK > and he's gone offline for the day. In the interests of getting a > full set of buildfarm testing on the patch before Monday's wrap deadline, > I'm going to finish up back-porting the patch and push it tonight. Final(?) note on this thread --- the security team realized over the weekend that this bug constitutes a security issue, because you can do more than crash the server. We don't normally consider simple crashes as being CVE-worthy problems, but in this case, there's potential for datatype confusion, which can be leveraged to allow disclosure of server memory (as we've seen in other bugs before). We also realized that it's possible to update a column you supposedly don't have privilege to update, as long as there's some other column you do. We've retroactively obtained a CVE number and will be describing this as a security problem in the release notes. regards, tom lane
Commits
-
Fix INSERT ON CONFLICT UPDATE through a view that isn't just SELECT *.
- 5ad143cda092 9.5.14 landed
- f6a124d019a4 10.5 landed
- e7154b6acfeb 11.0 landed
- b8a1247a34e2 12.0 landed
- b484bffe7d0e 9.6.10 landed