Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?

Dilip Kumar <dilipbalaut@gmail.com>

From: Dilip Kumar <dilipbalaut@gmail.com>
To: Amit Langote <amitlangote09@gmail.com>
Cc: Amit Langote <Langote_Amit_f8@lab.ntt.co.jp>, Tom Lane <tgl@sss.pgh.pa.us>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2019-07-29T09:59:20Z
Lists: pgsql-hackers
On Wed, Jul 17, 2019 at 2:39 PM Amit Langote <amitlangote09@gmail.com> wrote:
>
> On Wed, Jul 10, 2019 at 2:43 PM Dilip Kumar <dilipbalaut@gmail.com> wrote:
> > On Wed, Jul 10, 2019 at 10:15 AM Amit Langote <amitlangote09@gmail.com> wrote:
> > > Thanks for checking.  There has been a lot of churn in the inheritance
> > > planning code since my last email on this thread, so I'd like to
> > > reconsider.  I'm busy this week with some things, so I'll try posting
> > > something on next Tuesday.
> > >
> > Sounds good.
>
> I looked at this today and concluded that the problem and the patches
> discussed here are fairly isolated from inheritance planning changes
> committed to PG 12.
>
> I've combined the two patches into one.
Looks fine to me, moved to ready for committer.

  I tried to think up test
> cases to go with the code changes, but couldn't come up with one.

I am also not sure how to test whether we have access to the
statistics of the table.

-- 
Regards,
Dilip Kumar
EnterpriseDB: http://www.enterprisedb.com



Commits

  1. Allow access to child table statistics if user can read parent table.

  2. Mark built-in btree comparison functions as leakproof where it's safe.