Home > mailing lists

pgsql: Make currtid() functions require SELECT privileges on the target - Mailing list pgsql-committers

From	tgl@postgresql.org (Tom Lane)
Subject	pgsql: Make currtid() functions require SELECT privileges on the target
Date	August 27, 2007 00:57:44
Msg-id	20070827005736.B056E7541FB@cvs.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Log Message:
-----------
Make currtid() functions require SELECT privileges on the target table.
While it's not clear that TID linkage info is of any great use to a
nefarious user, it's certainly unexpected that these functions wouldn't
insist on read privileges.

Modified Files:
--------------
    pgsql/src/backend/utils/adt:
        tid.c (r1.57 -> r1.58)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/tid.c?r1=1.57&r2=1.58)

pgsql-committers by date:

From: tgl@postgresql.org (Tom Lane)
Date: 27 August 2007, 00:13:57
Subject: pgsql: Restrict pgrowlocks function to superusers.

From: tgl@postgresql.org (Tom Lane)
Date: 27 August 2007, 01:19:25
Subject: pgsql: Restrict pg_relation_size to relation owner, pg_database_size to

pgsql: Make currtid() functions require SELECT privileges on the target - Mailing list pgsql-committers

Previous

Next