Home > mailing lists

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof?
Date	July 12, 2018 04:52:00
Msg-id	11560.1531349520@sss.pgh.pa.us Whole thread Raw
In response to	CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: CVE-2017-7484-induced bugs, or, btree cmp functions are notleakproof? (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
List	pgsql-hackers

Tree view

I wrote:
> I propose to run through the system operator classes, find any for which
> the comparison function isn't marked leakproof but the operators are,
> and fix them.  This is clearly appropriate for HEAD and maybe it's not
> too late to force an initdb for v11 --- thoughts?

I did that for the built-in btree opclasses.  I decided that it's probably
not worth forcing an initdb in v11 for, though.  In principle, losing
selectivity estimates because of non-leakproof functions should only
happen in queries that are going to fail at runtime anyway.  The real
problem that ought to be addressed and perhaps back-patched is this:

> Another question that could be raised is why we are refusing to use
> stats for a child table when the caller has select on the parent.
> It's completely trivial to extract data from a child table if you
> have select on the parent, so it seems like we are checking the
> wrong table's privileges.

            regards, tom lane

pgsql-hackers by date:

From: Thomas Munro
Date: 12 July 2018, 04:31:46
Subject: Re: Accounting of zero-filled buffers in EXPLAIN (BUFFERS)

From: Mai Peng
Date: 12 July 2018, 04:56:34
Subject: Segfault logical replication PG 10.4

Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? - Mailing list pgsql-hackers

Previous

Next