projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 475a1fb) | patch
Prevent privilege escalation in explicit calls to PL validators.
authorNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:31 +0000 (09:33 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 17 Feb 2014 14:33:32 +0000 (09:33 -0500)
commitfc4a04a3c4f49ac8a74241401ffd5118c4d00842
tree2f54d5fb41c13d0fdcb85b2f6df93ba8a48c80e3tree
parent475a1fbc41a120ea3bd5f903e37c48d7a1769ff8commit | diff
Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
doc/src/sgml/plhandler.sgml diff | blob | blame | history
src/backend/catalog/pg_proc.c diff | blob | blame | history
src/backend/commands/functioncmds.c diff | blob | blame | history
src/backend/utils/fmgr/fmgr.c diff | blob | blame | history
src/include/fmgr.h diff | blob | blame | history
src/pl/plperl/plperl.c diff | blob | blame | history
src/pl/plpgsql/src/pl_handler.c diff | blob | blame | history
src/pl/plpython/plpy_main.c diff | blob | blame | history
This is the main PostgreSQL git repository.