Home > mailing lists

Comments on old bug report in light of CVE-2018-1058 - Mailing list pgsql-hackers

From	David G. Johnston
Subject	Comments on old bug report in light of CVE-2018-1058
Date	March 1, 2018 20:30:30
Msg-id	CAKFQuwZ_wDHHAGPeZEtxkTxDdj0tbeE9J-sux6N=vxSPYJmw3g@mail.gmail.com Whole thread Raw
List	pgsql-hackers

Tree view

Hackers,

By happen-stance I recently came across an old bug report that I responded to, #13651 (circa 2015-09), and reading the commentary for CVE-2018-1058 made me think about it in a different light. While no one added to my responses back then I'm thinking it would be worthwhile if one or more persons with more experience than myself would skim over the thread and make a judgement as to whether there is anything worth addressing.

The thread ends up being a bit more broad than just what the subject line implies.

BUG #13651: trigger security invoker attack

https://www.postgresql.org/message-id/flat/20150929115737.1448.91255%40wrigleys.postgresql.org#20150929115737.1448.91255@wrigleys.postgresql.org

Thanks!

David J.

pgsql-hackers by date:

From: Alexander Kuzmenkov
Date: 01 March 2018, 20:25:09
Subject: Re: [patch] BUG #15005: ANALYZE can make pg_class.reltuplesinaccurate.

From: David Steele
Date: 01 March 2018, 20:35:30
Subject: Re: Reduce amount of WAL generated by CREATE INDEX for gist, gin andsp-gist

Comments on old bug report in light of CVE-2018-1058 - Mailing list pgsql-hackers

Previous

Next