From: Tom Lane Date: Sun, 16 Jun 2019 15:00:23 +0000 (-0400) Subject: Further fix privileges on pg_statistic_ext[_data]. X-Git-Tag: REL_12_BETA2~7 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6973b058bc8d32e104bed99c134a4fab4b5dfe13;p=postgresql Further fix privileges on pg_statistic_ext[_data]. We don't need to restrict column privileges on pg_statistic_ext; all of that data is OK to read publicly. What we *do* need to do, which was overlooked by 6cbfb784c, is revoke public read access on pg_statistic_ext_data; otherwise we still have the same security hole we started with. Catversion bump to ensure that installations calling themselves beta2 will have this fix. Diagnosis/correction by Dean Rasheed and Tomas Vondra, but I'm going to go ahead and push this fix ASAP so we get more buildfarm cycles on it. Discussion: https://postgr.es/m/8833.1560647898@sss.pgh.pa.us
---
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index f9731453e3..ea4c85e395 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -290,9 +290,8 @@ CREATE VIEW pg_stats_ext WITH (security_barrier) AS WHERE NOT has_column_privilege(c.oid, a.attnum, 'select') ) AND (c.relrowsecurity = false OR NOT row_security_active(c.oid));
-REVOKE ALL on pg_statistic_ext FROM public;
-GRANT SELECT (tableoid, oid, stxrelid, stxname, stxnamespace, stxowner, stxkeys, stxkind)
- ON pg_statistic_ext TO public;
+-- unprivileged users may read pg_statistic_ext but not pg_statistic_ext_data
+REVOKE ALL on pg_statistic_ext_data FROM public;
 CREATE VIEW pg_publication_tables AS SELECT
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index ed20a4faaf..fe44cae3ff 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@ */ /* yyyymmddN */
-#define CATALOG_VERSION_NO 201906152
+#define CATALOG_VERSION_NO 201906161
 #endif
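Review bot: The new `REVOKE ALL on pg_statistic_ext_data FROM public;` carries over the lowercase `on` from the removed `REVOKE ALL on pg_statistic_ext FROM public;` while every other keyword in this file's GRANT/REVOKE and CREATE VIEW statements is uppercase; since the line is being rewritten anyway, `REVOKE ALL ON pg_statistic_ext_data FROM public;` keeps the file consistent. The added comment states the intent but not the invariant behind it: the sanctioned public path to the statistics values is the security_barrier view pg_stats_ext closed just above this hunk, whose final WHERE clause filters on has_column_privilege() and row_security_active(), so a comment such as `-- the only public path to the stats values is the pg_stats_ext view above, which filters by column privilege and row security` would tell a later maintainer what any new view over pg_statistic_ext_data must preserve. Nothing in this commit pins the revoke — only system_views.sql and catversion.h change — so a regression test asserting that an unprivileged role cannot SELECT from pg_statistic_ext_data would catch a repeat of the hole the commit message describes if these grants are touched again. The pg_stats_ext view definition begins outside the hunk.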