On Tue, 14 Oct 2025, 18:27 jian he, <[email protected]> wrote:
> hi. > > just came to my mind. > > If you're the table owner, you should be allowed to use get_raw_page (and > other > pageinspect module functions)? > We can use RangeVarGetRelidExtended with > RangeVarCallbackOwnsRelation to perform the ownership check. > > Attached is a draft POC. > Am I missing anything obvious? > Hi! I was also wondering if there is any security vulnerability with that. I was thinking about page lsn, checkpoint and wal compression as a possible way to abuse, but did not managed to came up with exploit >
