pgsql: Prevent PL/Tcl from loading the "unknown" module from

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Prevent PL/Tcl from loading the "unknown" module from
Date: 2010-05-13 18:29:31
Message-ID: 20100513182931.B389D7541D2@cvs.postgresql.org
Lists: pgsql-committers
Log Message:
-----------
Prevent PL/Tcl from loading the "unknown" module from pltcl_modules unless
that is a regular table or view owned by a superuser.  This prevents a
trojan horse attack whereby any unprivileged SQL user could create such a
table and insert code into it that would then get executed in other users'
sessions whenever they call pltcl functions.

Worse yet, because the code was automatically loaded into both the "normal"
and "safe" interpreters at first use, the attacker could execute unrestricted
Tcl code in the "normal" interpreter without there being any pltclu functions
anywhere, or indeed anyone else using pltcl at all: installing pltcl is
sufficient to open the hole.  Change the initialization logic so that the
"unknown" code is only loaded into an interpreter when the interpreter is
first really used.  (That doesn't add any additional security in this
particular context, but it seems a prudent change, and anyway the former
behavior violated the principle of least astonishment.)

Security: CVE-2010-1170

Tags:
----
REL8_2_STABLE

Modified Files:
--------------
    pgsql/doc/src/sgml:
        pltcl.sgml (r2.42.2.1 -> r2.42.2.2)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/pltcl.sgml?r1=2.42.2.1&r2=2.42.2.2)
    pgsql/src/pl/tcl:
        pltcl.c (r1.108.2.2 -> r1.108.2.3)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/pl/tcl/pltcl.c?r1=1.108.2.2&r2=1.108.2.3)
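
An audit query for the condition described in the log message above, added here as an example; it is not part of the PostgreSQL commit or of the mailing-list message. It assumes it is run once in each database by a role that can read the system catalogs, and the output column names are chosen for this example.

```sql
-- Added audit example (not from the PostgreSQL commit). Run in each database.

-- 1. Is PL/Tcl installed in this database? The log message notes that
--    installing pltcl alone was sufficient to open the hole.
SELECT lanname, lanpltrusted
FROM pg_catalog.pg_language
WHERE lanname IN ('pltcl', 'pltclu');

-- 2. List every relation named pltcl_modules together with the two
--    properties the fix requires: it must be a regular table ('r') or a
--    view ('v'), and its owner must be a superuser.
--    Rows with meets_condition = false sort first and need review.
--    relacl is shown as extra context for reviewing write grants; the log
--    message itself only names relation kind and ownership.
SELECT n.nspname  AS schema_name,
       c.relname  AS relation_name,
       c.relkind  AS relation_kind,
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser,
       (c.relkind IN ('r', 'v') AND r.rolsuper) AS meets_condition,
       c.relacl   AS grants
FROM pg_catalog.pg_class c
JOIN pg_catalog.pg_namespace n ON n.oid = c.relnamespace
JOIN pg_catalog.pg_roles r     ON r.oid = c.relowner
WHERE c.relname = 'pltcl_modules'
ORDER BY meets_condition, n.nspname;
```

An empty result from the second query means no relation named pltcl_modules exists in that database.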
