On Tue, Apr 25, 2017 at 3:24 PM, David Fetter <david@fetter.org> wrote:
> I don't have an exploit yet. What concerns me is attackers' access to
> what is in essence the ability to poke at RULEs when they only have privileges to read.
If they want to see how it works they can read the source code. In terms of runtime data it would be limited to whatever the session itself created. In most cases the presence of the cache would be invisible. I suppose it might appear if one were to explain a query, reset the session, explain another query and then re-explain the original. If the chosen plan in the second pass differed because of the presence of the leading query it would be noticeable but not revealing. Albeit I'm a far cry from a security expert...