granicus.if.org Git - postgresql/commit
author Tom Lane <tgl@sss.pgh.pa.us>
Fri, 20 Apr 2007 02:37:49 +0000 (02:37 +0000)
committer Tom Lane <tgl@sss.pgh.pa.us>
Fri, 20 Apr 2007 02:37:49 +0000 (02:37 +0000)
commit d694bdd1c9a2f4042f74fbc1f5e4e82f99aa4aac
tree b247d3ec5441bd5b6f02cb67357b758b833d1626
parent 4e6c6a40e0a516fc84d7dd3f9bced47755d43361
Support explicit placement of the temporary-table schema within search_path.
This is needed to allow a security-definer function to set a truly secure
value of search_path.  Without it, a malicious user can use temporary objects
to execute code with the privileges of the security-definer function.  Even
pushing the temp schema to the back of the search path is not quite good
enough, because a function or operator at the back of the path might still
capture control from one nearer the front due to having a more exact datatype
match.  Hence, disable searching the temp schema altogether for functions and
operators.

Security: CVE-2007-2138
doc/src/sgml/config.sgml
doc/src/sgml/ref/create_function.sgml
doc/src/sgml/release.sgml
src/backend/catalog/aclchk.c
src/backend/catalog/namespace.c
src/test/regress/expected/temp.out
src/test/regress/sql/temp.sql
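
An added example, not part of the commit or the PostgreSQL sources: a SECURITY DEFINER function that places pg_temp explicitly at the end of search_path, as the commit message describes, followed by a catalog query that lists SECURITY DEFINER functions lacking such a setting. The schema "admin", table "pwds" and function "check_password" are hypothetical; the per-function SET clause requires PostgreSQL 8.3 or later and the LATERAL join in the audit query requires 9.3 or later.

```sql
-- Constructed setup: schema, table and function names are hypothetical.
CREATE SCHEMA admin;
CREATE TABLE admin.pwds (username text PRIMARY KEY, pwd text NOT NULL);

-- Hardened SECURITY DEFINER function. The SET clause pins search_path for
-- the duration of each call. pg_temp is named explicitly and placed last;
-- if it were left out, the temporary schema would still be searched first
-- for tables and types.
CREATE FUNCTION admin.check_password(uname text, pass text)
RETURNS boolean AS $$
DECLARE
    passed boolean;
BEGIN
    -- "pwds" resolves to admin.pwds, never to a caller's temporary table.
    SELECT (pwd = pass) INTO passed
    FROM pwds
    WHERE username = uname;
    RETURN coalesce(passed, false);
END;
$$ LANGUAGE plpgsql
   SECURITY DEFINER
   SET search_path = admin, pg_temp;

-- Audit: SECURITY DEFINER functions with no search_path setting, or with
-- one that does not end in pg_temp (a heuristic match on the stored text).
SELECT n.nspname AS schema_name,
       p.proname AS function_name,
       CASE WHEN sp.setting IS NULL THEN 'no search_path set'
            ELSE 'pg_temp not last: ' || sp.setting
       END AS finding
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
LEFT JOIN LATERAL (
    SELECT c.setting
    FROM unnest(p.proconfig) AS c(setting)
    WHERE position('search_path=' in c.setting) = 1
    LIMIT 1
) sp ON true
WHERE p.prosecdef
  AND (sp.setting IS NULL OR sp.setting !~ 'pg_temp"?$')
ORDER BY 1, 2;
```

With only the function above defined, the audit query returns no row for admin.check_password.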