database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-14 02:22:38 +03:00
Code Activity

Add security checks to selectivity estimation functions

Browse Source 
Some selectivity estimation functions run user-supplied operators over
data obtained from pg_statistic without security checks, which allows
those operators to leak pg_statistic data without having privileges on
the underlying tables.  Fix by checking that one of the following is
satisfied: (1) the user has table or column privileges on the table
underlying the pg_statistic data, or (2) the function implementing the
user-supplied operator is leak-proof.  If neither is satisfied, planning
will proceed as if there are no statistics available.

At least one of these is satisfied in most cases in practice.  The only
situations that are negatively impacted are user-defined or
not-leak-proof operators on a security-barrier view.

Reported-by: Robert Haas <robertmhaas@gmail.com>
Author: Peter Eisentraut <peter_e@gmx.net>
Author: Tom Lane <tgl@sss.pgh.pa.us>

Security: CVE-2017-7484
This commit is contained in:
Peter Eisentraut
2017-05-05 12:18:48 -04:00
parent 04b4183666
commit d45cd7c0ed
7 changed files with 376 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/backend/utils/adt/array_selfuncs.c
View File

@@ -132,7 +132,8 @@ scalararraysel_containment(PlannerInfo *root,
useOr = !useOr;
/* Get array element stats for var, if available */
if (HeapTupleIsValid(vardata.statsTuple))
if (HeapTupleIsValid(vardata.statsTuple) &&
statistic_proc_security_check(&vardata, cmpfunc->fn_oid))
{
Form_pg_statistic stats;
Datum *values;
@@ -363,7 +364,8 @@ calc_arraycontsel(VariableStatData *vardata, Datum constval,
*/
array = DatumGetArrayTypeP(constval);
if (HeapTupleIsValid(vardata->statsTuple))
if (HeapTupleIsValid(vardata->statsTuple) &&
statistic_proc_security_check(vardata, cmpfunc->fn_oid))
{
Form_pg_statistic stats;
Datum *values;