granicus.if.org Git - postgresql/commit

author	Dean Rasheed <dean.a.rasheed@gmail.com>
	Sun, 23 Jun 2019 17:50:08 +0000 (18:50 +0100)
committer	Dean Rasheed <dean.a.rasheed@gmail.com>
	Sun, 23 Jun 2019 17:50:08 +0000 (18:50 +0100)
commit	d7f8d26d9f4c0a574250ec53a03b3dc08d13796c
tree	c5484df58f12894e2cd3e332526ed2973bd04bf9	tree \| snapshot
parent	89ff7c08eee355195eba6f544d28584e61200665	commit \| diff

Add security checks to the multivariate MCV estimation code.

The multivariate MCV estimation code may run user-defined operators on
the values in the MCV list, which means that those operators may
potentially leak the values from the MCV list. Guard against leaking
data to unprivileged users by checking that the user has SELECT
privileges on the table or all of the columns referred to by the
statistics.

Additionally, if there are any securityQuals on the RTE (either due to
RLS policies on the table, or accessing the table via a security
barrier view), not all rows may be visible to the current user, even
if they have table or column privileges. Thus we further insist that
the operator be leakproof in this case.

Dean Rasheed, reviewed by Tomas Vondra.

Discussion: https://postgr.es/m/CAEZATCUhT9rt7Ui=Vdx4N==VV5XOK5dsXfnGgVOz_JhAicB=ZA@mail.gmail.com

src/backend/statistics/extended_stats.c		diff \| blob \| history
src/test/regress/expected/stats_ext.out		diff \| blob \| history
src/test/regress/sql/stats_ext.sql		diff \| blob \| history