Re: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW

Поиск

Список

Период

Сортировка

От	Patrik Novotny
Тема	Re: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW
Дата	30 апреля 2021 г. 18:24:03
Msg-id	CAE_EZkjoWYBRj0ezmTfaN+p3u89qTJJZXGpi=E0X6VTasqO_xQ@mail.gmail.com обсуждение исходный текст
Ответ на	Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW (Patrik Novotny <panovotn@redhat.com>)
Список	pgsql-hackers

Дерево обсуждения

We've figured it out. Please ignore.

Regards.

On Fri, Apr 30, 2021 at 3:13 PM Patrik Novotny <panovotn@redhat.com> wrote:

Hi,

I need to reproduce the CVE-2020-25695 on PostgreSQL 9.2.24. I know this is not a supported version, however, it is important for us to have a reproducer for this version as well.

The reproducer for supported versions[1] is based on REFRESH MATERIALIZED VIEW which is not implemented until version 9.3.

I was trying to reproduce this using ANALYZE as you can see in this poc.sql file[2]. However, it doesn't reproduce the issue.

It would be really appreciated if someone could take a look at it and help.

[1] https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/test/regress/sql/privileges.sql;h=013bc95c74bd20e5ab7f1826ea7e676da2a0e85b;hb=HEAD#l896
[2] https://pastebin.com/6hgziYRD

Regards,

--
Patrik Novotný
Associate Software Engineer
Red Hat
panovotn@redhat.com

Patrik Novotný
Associate Software Engineer
Red Hat
panovotn@redhat.com

В списке pgsql-hackers по дате отправления:

Предыдущее

От: Tom Lane
Дата: 30 апреля 2021 г., 18:06:45
Сообщение: Re: MaxOffsetNumber for Table AMs

Следующее

От: Peter Geoghegan
Дата: 30 апреля 2021 г., 18:36:17
Сообщение: Re: MaxOffsetNumber for Table AMs

Вход в личный кабинет

Восстановление пароля

Подтверждение аккаунта

Изменение пароля

Re: Help needed with a reproducer for CVE-2020-25695 not based on REFRESH MATERIALIZED VIEW

Предыдущее

Следующее