]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2a5180c) | patch
Fix bug that allowed any logged-in user to SET ROLE to any other database user
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 12 Feb 2006 22:32:43 +0000 (22:32 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 12 Feb 2006 22:32:43 +0000 (22:32 +0000)
commit226a980bb0dfaaa4cee3650889218483aa9ec632
tree8a8df23e3b21ed9d377b5805bfaaa372e3a074e4tree | snapshot
parent2a5180c26e4769171a64cbc6827488fbcf349e38commit | diff
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.
src/backend/commands/variable.c diff | blob | history
src/backend/utils/mb/encnames.c diff | blob | history
src/backend/utils/misc/guc.c diff | blob | history
src/include/utils/guc_tables.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.