Tom Lane wrote:
> btreefuncs.c is a security hole a mile wide: it will happily dump the
> entire data content of an index for you. It's a good thing this hasn't
> shipped in any release yet. While we could possibly make it look up
> the index's parent table and check if you have SELECT privilege on
> that, it'd be easier just to make the functions demand superuser
> privilege, which is what the rest of the functions in this contrib
> module require. Comments?
Oh dear. Those functions were actually just moved from pgstattuple, and
has been there since 8.2. Better backpatch that to the pgstattuple
functions in 8.2. It didn't occur to me to check the permissions on the
existing functions while I added the new ones.
I doubt there's any tools out there using those functions, so
restricting them to superuser only is probably ok.
-- Heikki Linnakangas EnterpriseDB http://www.enterprisedb.com