]> git.ipfire.org Git - thirdparty/postgresql.git/commit
projects / thirdparty / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5d320a1) | patch
Prevent privilege escalation in explicit calls to PL validators.
authorNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:36 +0000 (09:33 -0500)
commit23b5a85e60c464ab8bc438a547a4b15260ca9453
treea7052c7e2039ec185e9b44fdf9b1596c48396a3ctree | snapshot
parent5d320a16ca544d6e125e962ed325463ad8bec240commit | diff
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
doc/src/sgml/plhandler.sgml diff | blob | blame | history
src/backend/catalog/pg_proc.c diff | blob | blame | history
src/backend/commands/functioncmds.c diff | blob | blame | history
src/backend/utils/fmgr/fmgr.c diff | blob | blame | history
src/include/fmgr.h diff | blob | blame | history
src/pl/plperl/plperl.c diff | blob | blame | history
src/pl/plpgsql/src/pl_handler.c diff | blob | blame | history
src/pl/plpython/plpython.c diff | blob | blame | history
Mirror of https://git.postgresql.org/git/postgresql.git