Home > mailing lists

Re: pageinspect some function no need superuser priv - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: pageinspect some function no need superuser priv
Date	October 14 17:29:39
Msg-id	954668.1760452179@sss.pgh.pa.us Whole thread Raw
In response to	Re: pageinspect some function no need superuser priv (Kirill Reshke <reshkekirill@gmail.com>)
Responses	Re: pageinspect some function no need superuser priv
List	pgsql-hackers

Tree view

Kirill Reshke <reshkekirill@gmail.com> writes:
> On Tue, 14 Oct 2025, 18:27 jian he, <jian.universality@gmail.com> wrote:
>> If you're the table owner, you should be allowed to use get_raw_page (and
>> other pageinspect module functions)?

> I was also wondering if there is any security vulnerability with that.
> I was thinking about page lsn, checkpoint and wal compression as a possible
> way to abuse, but did not managed to came up with exploit

Yeah, I do not think it follows that being table owner should
entitle you to such low-level access.  I'm inclined to reject
this proposal.

            regards, tom lane

pgsql-hackers by date:

From: Melanie Plageman
Date: 14 October, 17:16:24
Subject: Re: eliminate xl_heap_visible to reduce WAL (and eventually set VM on-access)

From: Nathan Bossart
Date: 14 October, 18:51:51
Subject: Re: pageinspect some function no need superuser priv

Re: pageinspect some function no need superuser priv - Mailing list pgsql-hackers

Previous

Next