From 6973b058bc8d32e104bed99c134a4fab4b5dfe13 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Sun, 16 Jun 2019 11:00:23 -0400
Subject: [PATCH] Further fix privileges on pg_statistic_ext[_data].
We don't need to restrict column privileges on pg_statistic_ext; all of that data is OK to read publicly. What we *do* need to do, which was overlooked by 6cbfb784c, is revoke public read access on pg_statistic_ext_data; otherwise we still have the same security hole we started with. Catversion bump to ensure that installations calling themselves beta2 will have this fix. Diagnosis/correction by Dean Rasheed and Tomas Vondra, but I'm going to go ahead and push this fix ASAP so we get more buildfarm cycles on it.
Discussion: https://postgr.es/m/8833.1560647898@sss.pgh.pa.us
---
 src/backend/catalog/system_views.sql | 5 ++---
 src/include/catalog/catversion.h | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index f9731453e3..ea4c85e395 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -290,9 +290,8 @@ CREATE VIEW pg_stats_ext WITH (security_barrier) AS
 WHERE NOT has_column_privilege(c.oid, a.attnum, 'select') )
 AND (c.relrowsecurity = false OR NOT row_security_active(c.oid));
-REVOKE ALL on pg_statistic_ext FROM public;
-GRANT SELECT (tableoid, oid, stxrelid, stxname, stxnamespace, stxowner, stxkeys, stxkind)
- ON pg_statistic_ext TO public;
+-- unprivileged users may read pg_statistic_ext but not pg_statistic_ext_data
+REVOKE ALL on pg_statistic_ext_data FROM public;
 CREATE VIEW pg_publication_tables AS
 SELECT
diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h
index ed20a4faaf..fe44cae3ff 100644
--- a/src/include/catalog/catversion.h
+++ b/src/include/catalog/catversion.h
@@ -53,6 +53,6 @@
 */
 /* yyyymmddN */
-#define CATALOG_VERSION_NO 201906152
+#define CATALOG_VERSION_NO 201906161
 #endif
--
2.39.5
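Review bot: Nothing in this patch verifies that the new `REVOKE ALL on pg_statistic_ext_data FROM public;` actually leaves the catalog unreadable. The diffstat lists only system_views.sql and catversion.h, so the gap the description attributes to 6cbfb784c could reappear without any test failing. A regression query such as `SELECT has_table_privilege('public', 'pg_statistic_ext_data', 'select');` with an expected result of false would pin the intended state. The added comment could also state the reason: a direct read of the catalog would bypass the `has_column_privilege` and `row_security_active` filters that pg_stats_ext applies in the context lines just above. A suitable wording is `-- pg_statistic_ext_data must only be read through pg_stats_ext, which enforces column privileges and row security`.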