granicus.if.org Git - postgresql/commitdiff
Force certain "pljava" custom GUCs to be PGC_SUSET.
author Noah Misch <noah@leadboat.com>
Sat, 6 Feb 2016 01:22:51 +0000 (20:22 -0500)
committer Noah Misch <noah@leadboat.com>
Sat, 6 Feb 2016 01:22:51 +0000 (20:22 -0500)
Future PL/Java versions will close CVE-2016-0766 by making these GUCs
PGC_SUSET.  This PostgreSQL change independently mitigates that PL/Java
vulnerability, helping sites that update PostgreSQL more frequently than
PL/Java.  Back-patch to 9.1 (all supported versions).

src/backend/utils/misc/guc.c

index 83b8388bd06ed71ab780a4e67362a7cab02a3a7e..66c479141f3dec953e647cd3337361f53f74c5f3 100644 (file)
@@ -7264,6 +7264,17 @@ init_custom_variable(const char *name,
                !process_shared_preload_libraries_in_progress)
                elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
 
+       /*
+        * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
+        * (2015-12-15), two of that module's PGC_USERSET variables facilitated
+        * trivial escalation to superuser privileges.  Restrict the variables to
+        * protect sites that have yet to upgrade pljava.
+        */
+       if (context == PGC_USERSET &&
+               (strcmp(name, "pljava.classpath") == 0 ||
+                strcmp(name, "pljava.vmoptions") == 0))
+               context = PGC_SUSET;
+
        gen = (struct config_generic *) guc_malloc(ERROR, sz);
        memset(gen, 0, sz);
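
Review bot: The comment above the `context == PGC_USERSET` check cites the pljava commit hash but not CVE-2016-0766, which the commit message names; putting the CVE id in the comment would let someone reading guc.c find the advisory without going back to the log. The two names are matched with an exact, case-sensitive `strcmp`, so the mitigation depends on the module registering `pljava.classpath` and `pljava.vmoptions` in precisely that spelling; a short remark in the comment that this is intentional would help. The override to `PGC_SUSET` is also silent, so an administrator has no indication from these lines that core changed the context the module asked for; consider documenting that behaviour where the check lives or in the release notes.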