Fix column-privilege leak in error-message paths While building error messages to return to the user, BuildIndexValueDescription, ExecBuildSlotValueDescription and ri_ReportViolation would happily include the entire key or entire row in the result returned to the user, even if the user didn't have access to view all of the columns being included.
Instead, include only those columns which the user is providing or which the user has select rights on. If the user does not have any rights to view the table or any of the columns involved then no detail is provided and a NULL value is returned from BuildIndexValueDescription and ExecBuildSlotValueDescription. Note that, for key cases, the user must have access to all of the columns for the key to be shown; a partial key will not be returned. Back-patch all the way, as column-level privileges are now in all supported versions. This has been assigned CVE-2014-8161, but since the issue and the patch have already been publicized on pgsql-hackers, there's no point in trying to hide this commit. Branch ------ REL9_2_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/d49f84b084d82aac3ddc387f9f306c28240f62f7 Modified Files -------------- src/backend/access/index/genam.c | 60 ++++++++++- src/backend/access/nbtree/nbtinsert.c | 10 +- src/backend/commands/copy.c | 6 +- src/backend/commands/trigger.c | 6 ++ src/backend/executor/execMain.c | 168 +++++++++++++++++++++++------- src/backend/executor/execUtils.c | 12 ++- src/backend/utils/adt/ri_triggers.c | 86 +++++++++++---- src/backend/utils/sort/tuplesort.c | 9 +- src/test/regress/expected/privileges.out | 32 ++++++ src/test/regress/sql/privileges.sql | 25 +++++ 10 files changed, 344 insertions(+), 70 deletions(-) -- Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers