]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7890636) | patch
Prevent privilege escalation in explicit calls to PL validators.
authorNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:37 +0000 (09:33 -0500)
commitc0ac4c75ff048b8ff6d8436946e9c414c2b64f94
tree225b6831051f35d0ec7a2f1d8927b1da93981bactree | snapshot
parent789063697908d7531fc4fe9c72976ea642e68d15commit | diff
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
doc/src/sgml/plhandler.sgml diff | blob | history
src/backend/catalog/pg_proc.c diff | blob | history
src/backend/commands/functioncmds.c diff | blob | history
src/backend/utils/fmgr/fmgr.c diff | blob | history
src/include/fmgr.h diff | blob | history
src/pl/plperl/plperl.c diff | blob | history
src/pl/plpgsql/src/pl_handler.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.