aboutsummaryrefslogtreecommitdiff
path: root/doc/src
diff options
context:
space:
mode:
authorNathan Bossart <nathan@postgresql.org>2024-05-06 09:00:00 -0500
committerNathan Bossart <nathan@postgresql.org>2024-05-06 09:00:00 -0500
commit521a7156ab47623e299855dd04a2a4ea3ad71afe (patch)
tree0dbfc5a63b0ff96c19de1999ab989dd4e4e97a41 /doc/src
parentd1d286d83c0eed695910cb20d970ea9bea2e5001 (diff)
downloadpostgresql-521a7156ab47623e299855dd04a2a4ea3ad71afe.tar.gz
postgresql-521a7156ab47623e299855dd04a2a4ea3ad71afe.zip
Fix privilege checks in pg_stats_ext and pg_stats_ext_exprs.
The catalog view pg_stats_ext fails to consider privileges for expression statistics. The catalog view pg_stats_ext_exprs fails to consider privileges and row-level security policies. To fix, restrict the data in these views to table owners or roles that inherit privileges of the table owner. It may be possible to apply less restrictive privilege checks in some cases, but that is left as a future exercise. Furthermore, for pg_stats_ext_exprs, do not return data for tables with row-level security enabled, as is already done for pg_stats_ext. On the back-branches, a fix-CVE-2024-4317.sql script is provided that will install into the "share" directory. This file can be used to apply the fix to existing clusters. Bumps catversion on 'master' branch only. Reported-by: Lukas Fittl Reviewed-by: Noah Misch, Tomas Vondra, Tom Lane Security: CVE-2024-4317 Backpatch-through: 14
Diffstat (limited to 'doc/src')
-rw-r--r--doc/src/sgml/catalogs.sgml3
-rw-r--r--doc/src/sgml/system-views.sgml4
2 files changed, 3 insertions, 4 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index c8cb46c5b9c..b530c030f01 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -7788,8 +7788,7 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
is a publicly readable view
on <structname>pg_statistic_ext_data</structname> (after joining
with <link linkend="catalog-pg-statistic-ext"><structname>pg_statistic_ext</structname></link>) that only exposes
- information about those tables and columns that are readable by the
- current user.
+ information about tables the current user owns.
</para>
<table>
diff --git a/doc/src/sgml/system-views.sgml b/doc/src/sgml/system-views.sgml
index 7ed617170f2..a54f4a47431 100644
--- a/doc/src/sgml/system-views.sgml
+++ b/doc/src/sgml/system-views.sgml
@@ -3944,7 +3944,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
and <link linkend="catalog-pg-statistic-ext-data"><structname>pg_statistic_ext_data</structname></link>
catalogs. This view allows access only to rows of
<link linkend="catalog-pg-statistic-ext"><structname>pg_statistic_ext</structname></link> and <link linkend="catalog-pg-statistic-ext-data"><structname>pg_statistic_ext_data</structname></link>
- that correspond to tables the user has permission to read, and therefore
+ that correspond to tables the user owns, and therefore
it is safe to allow public read access to this view.
</para>
@@ -4155,7 +4155,7 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
and <link linkend="catalog-pg-statistic-ext-data"><structname>pg_statistic_ext_data</structname></link>
catalogs. This view allows access only to rows of
<link linkend="catalog-pg-statistic-ext"><structname>pg_statistic_ext</structname></link> and <link linkend="catalog-pg-statistic-ext-data"><structname>pg_statistic_ext_data</structname></link>
- that correspond to tables the user has permission to read, and therefore
+ that correspond to tables the user owns, and therefore
it is safe to allow public read access to this view.
</para>