Home > mailing lists

pgsql: Make currtid() functions require SELECT privileges on the target - Mailing list pgsql-committers

From	[email protected] (Tom Lane)
Subject	pgsql: Make currtid() functions require SELECT privileges on the target
Date	August 26, 2007 21:57:44
Msg-id	[email protected] Whole thread Raw
List	pgsql-committers

Tree view

Log Message:
-----------
Make currtid() functions require SELECT privileges on the target table.
While it's not clear that TID linkage info is of any great use to a
nefarious user, it's certainly unexpected that these functions wouldn't
insist on read privileges.

Modified Files:
--------------
    pgsql/src/backend/utils/adt:
        tid.c (r1.57 -> r1.58)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/tid.c?r1=1.57&r2=1.58)

pgsql-committers by date:

From: [email protected] (Tom Lane)
Date: 26 August 2007, 21:13:57
Subject: pgsql: Restrict pgrowlocks function to superusers.

From: [email protected] (Tom Lane)
Date: 26 August 2007, 22:19:25
Subject: pgsql: Restrict pg_relation_size to relation owner, pg_database_size to

pgsql: Make currtid() functions require SELECT privileges on the target - Mailing list pgsql-committers

Previous

Next