]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fea164a) | patch
Prevent privilege escalation in explicit calls to PL validators.
authorNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
commit537cbd35c893e67a63c59bc636c3e888bd228bc7
tree0315dbc61a19a835e3c446122c337655ad8794d4tree | snapshot
parentfea164a72a7bfd50d77ba5fb418d357f8f2bb7d0commit | diff
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
doc/src/sgml/plhandler.sgml diff | blob | history
src/backend/catalog/pg_proc.c diff | blob | history
src/backend/commands/functioncmds.c diff | blob | history
src/backend/utils/fmgr/fmgr.c diff | blob | history
src/include/fmgr.h diff | blob | history
src/pl/plperl/plperl.c diff | blob | history
src/pl/plpgsql/src/pl_handler.c diff | blob | history
src/pl/plpython/plpy_main.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.