hi.
just came to my mind.
If you're the table owner, you should be allowed to use get_raw_page (and other
pageinspect module functions)?
We can use RangeVarGetRelidExtended with
RangeVarCallbackOwnsRelation to perform the ownership check.
Attached is a draft POC.
Am I missing anything obvious?
d
On Tue, 14 Oct 2025, 18:27 jian he, wrote:
> hi.
>
> just came to my mind.
>
> If you're the table owner, you should be allowed to use get_raw_page (and
> other
> pageinspect module functions)?
> We can use RangeVarGetRelidExtended with
> RangeVarCallbackOwnsRelation to perform the ownership chec
Kirill Reshke writes:
> On Tue, 14 Oct 2025, 18:27 jian he, wrote:
>> If you're the table owner, you should be allowed to use get_raw_page (and
>> other pageinspect module functions)?
> I was also wondering if there is any security vulnerability with that.
> I was thinking about page lsn, checkp
On Tue, Oct 14, 2025 at 10:51:51AM -0500, Nathan Bossart wrote:
> On Tue, Oct 14, 2025 at 10:29:39AM -0400, Tom Lane wrote:
>> Yeah, I do not think it follows that being table owner should
>> entitle you to such low-level access. I'm inclined to reject
>> this proposal.
>
> -1 here, too. IMHO al
On Tue, Oct 14, 2025 at 10:29:39AM -0400, Tom Lane wrote:
> Yeah, I do not think it follows that being table owner should
> entitle you to such low-level access. I'm inclined to reject
> this proposal.
-1 here, too. IMHO all of pageinspect should remain superuser-only since
it is meant for devel
