Re: Side effect of CVE-2017-7484 fix?
| От | Dilip Kumar |
|---|---|
| Тема | Re: Side effect of CVE-2017-7484 fix? |
| Дата | |
| Msg-id | CAFiTN-uvx5OOOkqVuDDJ+7LV4q7+Bu_TNhdV=M0-uUEtM12s7w@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Side effect of CVE-2017-7484 fix? (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-hackers |
On Mon, Oct 22, 2018 at 7:16 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Dilip Kumar <dilipbalaut@gmail.com> writes: > > As part of the security fix > > (e2d4ef8de869c57e3bf270a30c12d48c2ce4e00c), we have restricted the > > users from accessing the statistics of the table if the user doesn't > > have privileges on the table and the function is not leakproof. Now, > > as a side effect of this, if the user has the privileges on the root > > partitioned table but does not have privilege on the child tables, the > > user will be able to access the data of the child table but it won't > > be able to access the statistics of the child table. This may result > > in a bad plan. > > This was complained of already, > https://www.postgresql.org/message-id/flat/3876.1531261875%40sss.pgh.pa.us > > regards, tom lane Ok, I see. Thanks. -- Regards, Dilip Kumar EnterpriseDB: http://www.enterprisedb.com
В списке pgsql-hackers по дате отправления: