Prevent non-superusers from reading pg_backend_memory_contexts, by default.
authorFujii Masao <[email protected]>
Wed, 26 Aug 2020 01:50:02 +0000 (10:50 +0900)
committerFujii Masao <[email protected]>
Wed, 26 Aug 2020 01:50:02 +0000 (10:50 +0900)
The pg_backend_memory_contexts view contains some internal information about
memory contexts. Since exposing it to all users by default may cause a
security issue, this commit allows only superusers to read this view
by default, as we do for the pg_shmem_allocations view.

Bump catalog version.

Author: Atsushi Torikoshi
Reviewed-by: Michael Paquier, Fujii Masao
Discussion: https://postgr.es/m/1414992.1597849297@sss.pgh.pa.us

doc/src/sgml/catalogs.sgml
src/backend/catalog/system_views.sql
src/include/catalog/catversion.h

index 1232b24e74cff1ddd01ac7f98fe3e42838dedf71..9fe260ecff7f336993a1b851e8b453b79d97573c 100644 (file)
@@ -9697,6 +9697,10 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
    </tgroup>
   </table>
 
+  <para>
+   By default, the <structname>pg_backend_memory_contexts</structname> view can be
+   read only by superusers.
+  </para>
  </sect1>
 
  <sect1 id="view-pg-config">
index ba5a23ac2524f305944e23c0d6b1670986db55c6..a2d61302f9e82305fee05a21ac6110734d87746e 100644 (file)
@@ -557,6 +557,9 @@ REVOKE EXECUTE ON FUNCTION pg_get_shmem_allocations() FROM PUBLIC;
 CREATE VIEW pg_backend_memory_contexts AS
     SELECT * FROM pg_get_backend_memory_contexts();
 
+REVOKE ALL ON pg_backend_memory_contexts FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_get_backend_memory_contexts() FROM PUBLIC;
+
 -- Statistics views
 
 CREATE VIEW pg_stat_all_tables AS
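Review bot: The two added REVOKE lines carry no comment, and the hunk does not make it obvious why both are needed: revoking only the view would leave pg_get_backend_memory_contexts() directly callable by any role, since functions are executable by PUBLIC by default. I would add above them `-- Memory context details are internal state, so superuser-only by default. Revoke the function too: it can be called directly, bypassing the view.` An administrator delegating access would presumably need to grant both SELECT on the view and EXECUTE on the function, which seems worth stating in the catalogs.sgml paragraph. The commit's file list shows no regression test, so a check that an unprivileged role gets a permission error on both objects would keep this default from regressing silently.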
index 3e6779763000f2fe5dbad682e13b5fe256de6041..573f1841b73d2a75c2b9d4dedde535c6bd1a89fc 100644 (file)
@@ -53,6 +53,6 @@
  */
 
 /*                         yyyymmddN */
-#define CATALOG_VERSION_NO 202008191
+#define CATALOG_VERSION_NO 202008261
 
 #endif