Home > mailing lists

Re: [COMMITTERS] pgsql: Fix column-privilege leak in error-message paths - Mailing list pgsql-hackers

From	Stephen Frost
Subject	Re: [COMMITTERS] pgsql: Fix column-privilege leak in error-message paths
Date	January 30, 2015 06:37:32
Msg-id	20150130033727.GC3854@tamriel.snowman.net Whole thread Raw
In response to	Re: [COMMITTERS] pgsql: Fix column-privilege leak in error-message paths (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

Tom,

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> Stephen Frost <sfrost@snowman.net> writes:
> > Fix column-privilege leak in error-message paths

[...]

> The cause of that is the logic added to BuildIndexValueDescription, which
> ignores the possibility that some of the index columns are expressions
> (which will have a zero in indkey[]).
>
> I'm not sure that it's worth trying to drill down and determine exactly
> which column(s) are referenced by an expression.  I'd be content if we
> just decided that any index expression is off-limits to someone without
> full SELECT access, which could be achieved with something like

Commit pushed with this approach.

> (though a comment about it wouldn't be a bad thing either)

and a comment added explaining it.

Thanks again for pointing it out and please let me know if you see any
further issues.
Stephen

pgsql-hackers by date:

From: Alvaro Herrera
Date: 30 January 2015, 06:28:30
Subject: Re: TODO : Allow parallel cores to be used by vacuumdb [ WIP ]

From: Stephen Frost
Date: 30 January 2015, 06:40:33
Subject: Re: Possible typo in create_policy.sgml

Re: [COMMITTERS] pgsql: Fix column-privilege leak in error-message paths - Mailing list pgsql-hackers

Previous

Next