From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Mon, 6 Nov 2017 17:02:30 +0000 (-0500)
Subject: Last-minute updates for release notes.
X-Git-Tag: REL9_2_24~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=203b965f275061894621a5a359213ac77558d33f;p=thirdparty%2Fpostgresql.git

Last-minute updates for release notes.

Security: CVE-2017-12172, CVE-2017-15098, CVE-2017-15099
---

diff --git a/doc/src/sgml/release-9.2.sgml b/doc/src/sgml/release-9.2.sgml
index f0283ad500f..e1bfb2e2b22 100644
--- a/doc/src/sgml/release-9.2.sgml
+++ b/doc/src/sgml/release-9.2.sgml
@@ -40,6 +40,31 @@
 
    <itemizedlist>
 
+    <listitem>
+     <para>
+      Fix sample server-start scripts to become <literal>$PGUSER</literal>
+      before opening <literal>$PGLOG</literal> (Noah Misch)
+     </para>
+
+     <para>
+      Previously, the postmaster log file was opened while still running as
+      root.  The database owner could therefore mount an attack against
+      another system user by making <literal>$PGLOG</literal> be a symbolic
+      link to some other file, which would then become corrupted by appending
+      log messages.
+     </para>
+
+     <para>
+      By default, these scripts are not installed anywhere.  Users who have
+      made use of them will need to manually recopy them, or apply the same
+      changes to their modified versions.  If the
+      existing <literal>$PGLOG</literal> file is root-owned, it will need to
+      be removed or renamed out of the way before restarting the server with
+      the corrected script.
+      (CVE-2017-12172)
+     </para>
+    </listitem>
+
     <listitem>
      <para>
       Properly reject attempts to convert infinite float values to