Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Dilip Kumar <dilipbalaut@gmail.com>
From: Dilip Kumar <dilipbalaut@gmail.com>
To: Amit Langote <amitlangote09@gmail.com>
Cc: Amit Langote <Langote_Amit_f8@lab.ntt.co.jp>,
Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-07-29T09:59:20Z
Lists: pgsql-hackers
On Wed, Jul 17, 2019 at 2:39 PM Amit Langote <amitlangote09@gmail.com> wrote: > > On Wed, Jul 10, 2019 at 2:43 PM Dilip Kumar <dilipbalaut@gmail.com> wrote: > > On Wed, Jul 10, 2019 at 10:15 AM Amit Langote <amitlangote09@gmail.com> wrote: > > > Thanks for checking. There has been a lot of churn in the inheritance > > > planning code since my last email on this thread, so I'd like to > > > reconsider. I'm busy this week with some things, so I'll try posting > > > something on next Tuesday. > > > > > Sounds good. > > I looked at this today and concluded that the problem and the patches > discussed here are fairly isolated from inheritance planning changes > committed to PG 12. > > I've combined the two patches into one. Looks fine to me, moved to ready for committer. I tried to think up test > cases to go with the code changes, but couldn't come up with one. I am also not sure how to test whether we have access to the statistics of the table. -- Regards, Dilip Kumar EnterpriseDB: http://www.enterprisedb.com
Commits
-
Allow access to child table statistics if user can read parent table.
- 553d2ec2710b 13.0 landed
- 21a4edd1281d 12.2 landed
- 1d9056f563f3 11.7 landed
-
Mark built-in btree comparison functions as leakproof where it's safe.
- 39a96512b3ed 12.0 landed