Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Amit Langote <amitlangote09@gmail.com>
From: Amit Langote <amitlangote09@gmail.com>
To: Dilip Kumar <dilipbalaut@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>,
Amit Langote <Langote_Amit_f8@lab.ntt.co.jp>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-09-05T09:56:29Z
Lists: pgsql-hackers
Attachments
- v4-0001-Use-root-parent-s-permissions-when-reading-child-.patch (application/octet-stream) patch v4-0001
On Thu, Sep 5, 2019 at 6:33 PM Dilip Kumar <dilipbalaut@gmail.com> wrote:
> /*
> + * For inheritance child relations, we also need to remember
> + * the root parent.
> + */
> + if (parent->rtekind == RTE_RELATION)
> + rel->inh_root_relid = parent->inh_root_relid > 0 ?
> + parent->inh_root_relid :
> + parent->relid;
> + else
> + /* Child relation of flattened UNION ALL subquery. */
> + rel->inh_root_relid = relid;
>
> With the current changes, parent->inh_root_relid will always be > 0 so
> (parent->inh_root_relid > 0) condition doesn't make sence. Right?
Oops, you're right. It should be:
if (parent->rtekind == RTE_RELATION)
rel->inh_root_relid = parent->inh_root_relid;
else
rel->inh_root_relid = relid;
Updated patch attached.
Thanks,
Amit
Commits
-
Allow access to child table statistics if user can read parent table.
- 553d2ec2710b 13.0 landed
- 21a4edd1281d 12.2 landed
- 1d9056f563f3 11.7 landed
-
Mark built-in btree comparison functions as leakproof where it's safe.
- 39a96512b3ed 12.0 landed