From: | tgl(at)postgresql(dot)org (Tom Lane) |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other |
Date: | 2006-02-12 22:32:43 |
Message-ID: | 20060212223243.37CA69DCA73@postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Log Message:
-----------
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553). Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled. The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.
Modified Files:
--------------
pgsql/src/backend/commands:
variable.c (r1.115 -> r1.116)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/variable.c.diff?r1=1.115&r2=1.116)
pgsql/src/backend/utils/mb:
encnames.c (r1.27 -> r1.28)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/encnames.c.diff?r1=1.27&r2=1.28)
pgsql/src/backend/utils/misc:
guc.c (r1.310 -> r1.311)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c.diff?r1=1.310&r2=1.311)
pgsql/src/include/utils:
guc_tables.h (r1.20 -> r1.21)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/guc_tables.h.diff?r1=1.20&r2=1.21)
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2006-02-12 22:32:57 | pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other |
Previous Message | Bruce Momjian | 2006-02-12 21:15:20 | pgsql: Throw a warning rather than an error on invalid character from |