postgres/src
Tom Lane 218cf59b60
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
2008-01-03 21:25:58 +00:00
backend Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:25:58 +00:00
bin Translation updates 2007-09-13 20:49:39 +00:00
corba
data
include Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:25:58 +00:00
interfaces Stamp releases 8.2.5, 8.1.10, 8.0.14, 7.4.18, 7.3.20. 2007-09-11 17:36:33 +00:00
makefiles Use -fPIC on Sparc, per Tom Callaway. 2003-05-19 17:51:08 +00:00
pl Fix an ancient logic error in plpgsql's exec_stmt_block: it thought it could 2007-02-08 18:38:31 +00:00
port Add port support for unsetenv() in back branches. Needed for locale 2006-01-05 00:51:52 +00:00
template Mark SCO Openserver 5.0.4. supported by 7.3.1 as per chat report from user. 2002-12-11 22:27:34 +00:00
test Support explicit placement of the temporary-table schema within search_path. 2007-04-20 02:38:59 +00:00
tools Stamp release 7.3.11. 2005-10-03 17:24:27 +00:00
tutorial Change \' to '', for SQL standards compliance. Backpatch to 7.3, 7.4, 2006-05-21 19:56:41 +00:00
utils Re-add Win32 missing files, I think. 2002-11-02 02:00:35 +00:00
DEVELOPERS
Makefile Assorted fixes for Cygwin: 2002-09-05 18:28:46 +00:00
Makefile.global.in Remove leftovers from subproject removals. Fixes for Python and Kerberos 2002-09-04 22:54:18 +00:00
Makefile.shlib Cause symlinks for shared-library versioning to run in the standard 2003-01-11 17:22:34 +00:00
nls-global.mk Avoid shell syntax error if list of languages is empty. 2002-09-02 22:19:42 +00:00
win32.mak Remove all traces of multibyte and locale options. Clean up comments 2002-09-03 21:45:44 +00:00