]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 15a8f97) | patch
Prevent privilege escalation in explicit calls to PL validators.
authorNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:33 +0000 (09:33 -0500)
commit1d701d28a796ea2d1a4d2be9e9ee06209eaea040
tree539b23c188cada8390ff3fbfd5b6577eb457fd27tree | snapshot
parent15a8f97b9d16aaf659f58c981242b9da591cf24ccommit | diff
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
doc/src/sgml/plhandler.sgml diff | blob | history
src/backend/catalog/pg_proc.c diff | blob | history
src/backend/commands/functioncmds.c diff | blob | history
src/backend/utils/fmgr/fmgr.c diff | blob | history
src/include/fmgr.h diff | blob | history
src/pl/plperl/plperl.c diff | blob | history
src/pl/plpgsql/src/pl_handler.c diff | blob | history
src/pl/plpython/plpy_main.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.