Re: pageinspect some function no need superuser priv - Mailing list pgsql-hackers

From Kirill Reshke
Subject Re: pageinspect some function no need superuser priv
Msg-id CALdSSPhHihvo8CqacXxnKW6LLqJpq-q5okOoRzsS6j8jQYZu6Q@mail.gmail.com
In response to pageinspect some function no need superuser priv  (jian he <jian.universality@gmail.com>)
Responses Re: pageinspect some function no need superuser priv
List pgsql-hackers


On Tue, 14 Oct 2025, 18:27 jian he, <jian.universality@gmail.com> wrote:
> hi.
>
> just came to my mind.
>
> If you're the table owner, you should be allowed to use get_raw_page (and other
> pageinspect module functions)?
> We can use RangeVarGetRelidExtended with
> RangeVarCallbackOwnsRelation to perform the ownership check.
>
> Attached is a draft POC.
> Am I missing anything obvious?

Hi!
I was also wondering if there is any security vulnerability with that.
I was thinking about page LSN, checkpoint and WAL compression as a possible way to abuse, but did not manage to come up with an exploit.
