granicus.if.org Git - postgresql/commit
Prevent privilege escalation in explicit calls to PL validators.
author Noah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committer Noah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:38 +0000 (09:33 -0500)
commit 823b9dc2566dbdbdab3c08b83adb64eb428b8ca5
tree d275d3e31ab3070af84d25f1e19f9951bc3e0560
parent ff35425c8f81541c8dc10486ed21ef1cfdae693e
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061

src/backend/catalog/pg_proc.c
src/backend/commands/functioncmds.c
src/backend/utils/fmgr/fmgr.c
src/include/fmgr.h
src/pl/plperl/plperl.c
src/pl/plpgsql/src/pl_handler.c
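
A self-contained model of the kind of permissions gate the commit message describes, as an added example that is not code from this commit or from PostgreSQL. The catalog rows, OIDs, role numbers and function names are constructed for illustration, and the three conditions checked (the validator belongs to the function's language, the caller has USAGE on that language, the caller has EXECUTE on the function) are an assumption about what such a gate should cover.

```c
#include <stddef.h>

/* Constructed stand-ins for catalog rows; every name here is hypothetical. */
typedef unsigned int Oid;
typedef struct { Oid oid; Oid validator; Oid usage_role; } Lang; /* role holding USAGE */
typedef struct { Oid oid; Oid lang; Oid exec_role; } Func;       /* role holding EXECUTE */
typedef enum { ACCESS_OK, NO_SUCH_FUNCTION, WRONG_VALIDATOR,
               NO_LANGUAGE_USAGE, NO_FUNCTION_EXECUTE } Access;

#define SUPERUSER 10u
#define PUBLIC_ROLE 0u

static const Lang langs[] = {
    { 100, 500, PUBLIC_ROLE },  /* trusted language: USAGE granted to PUBLIC */
    { 101, 501, SUPERUSER },    /* untrusted language: superuser only */
};
static const Func funcs[] = {
    { 1000, 100, PUBLIC_ROLE }, /* trusted-language function, PUBLIC may execute */
    { 1001, 101, SUPERUSER },   /* untrusted-language function */
    { 1002, 100, 20 },          /* EXECUTE granted only to role 20 */
};

static int granted(Oid grantee, Oid user)
{
    return user == SUPERUSER || grantee == PUBLIC_ROLE || grantee == user;
}

/* Gate run first by a validator that was handed a function OID by its caller. */
Access check_validator_access(Oid user, Oid validator, Oid func_oid)
{
    const Func *f = NULL;
    const Lang *l = NULL;
    size_t i;
    for (i = 0; i < sizeof funcs / sizeof funcs[0]; i++)
        if (funcs[i].oid == func_oid) f = &funcs[i];
    if (f == NULL) return NO_SUCH_FUNCTION;
    for (i = 0; i < sizeof langs / sizeof langs[0]; i++)
        if (langs[i].oid == f->lang) l = &langs[i];
    if (l == NULL || l->validator != validator) return WRONG_VALIDATOR;
    if (!granted(l->usage_role, user)) return NO_LANGUAGE_USAGE;
    if (!granted(f->exec_role, user)) return NO_FUNCTION_EXECUTE;
    return ACCESS_OK;
}

/* Validator body: return before reading or compiling the function's source. */
int model_validator(Oid user, Oid self_oid, Oid func_oid)
{
    if (check_validator_access(user, self_oid, func_oid) != ACCESS_OK)
        return 0;   /* refused: nothing is validated */
    return 1;       /* the real validation work would start here */
}
```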