From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Support explicit placement of the temporary-table schema within
Date: 2007-04-20 02:38:33
Message-ID: 20070420023833.BFFC29FB3FD@postgresql.org
Lists: pgsql-committers
Log Message:
-----------
Support explicit placement of the temporary-table schema within search_path.
This is needed to allow a security-definer function to set a truly secure
value of search_path. Without it, a malicious user can use temporary objects
to execute code with the privileges of the security-definer function. Even
pushing the temp schema to the back of the search path is not quite good
enough, because a function or operator at the back of the path might still
capture control from one nearer the front due to having a more exact datatype
match. Hence, disable searching the temp schema altogether for functions and
operators.
Security: CVE-2007-2138
Tags:
----
REL8_0_STABLE
Modified Files:
--------------
pgsql/doc/src/sgml/ref:
create_function.sgml (r1.64 -> r1.64.4.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/create_function.sgml.diff?r1=1.64&r2=1.64.4.1)
pgsql/doc/src/sgml:
release.sgml (r1.321.4.34 -> r1.321.4.35)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/release.sgml.diff?r1=1.321.4.34&r2=1.321.4.35)
runtime.sgml (r1.301.4.8 -> r1.301.4.9)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/runtime.sgml.diff?r1=1.301.4.8&r2=1.301.4.9)
pgsql/src/backend/catalog:
aclchk.c (r1.108 -> r1.108.4.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/aclchk.c.diff?r1=1.108&r2=1.108.4.1)
namespace.c (r1.73.4.1 -> r1.73.4.2)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/namespace.c.diff?r1=1.73.4.1&r2=1.73.4.2)
pgsql/src/test/regress/expected:
temp.out (r1.9 -> r1.9.6.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/expected/temp.out.diff?r1=1.9&r2=1.9.6.1)
pgsql/src/test/regress/sql:
temp.sql (r1.5 -> r1.5.8.1)
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/test/regress/sql/temp.sql.diff?r1=1.5&r2=1.5.8.1)
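The log message above describes the defensive pattern this commit makes possible: a SECURITY DEFINER function that pins search_path to trusted schemas and places pg_temp explicitly last, so objects in a caller's temporary schema cannot capture its unqualified references. The block below is an added illustration, not code from this commit or from the PostgreSQL sources; the admin schema, the admin.pwds table and the app_user role are assumed placeholders, and it sets the path with set_config(..., true) because the per-function SET clause of CREATE FUNCTION only arrived in a later release than the 8.0 branch this commit targets.

```sql
-- Added example, not part of the commit. Assumed (hypothetical) objects:
-- schema "admin" owning table admin.pwds(username TEXT, pwd TEXT), and
-- role "app_user" as the intended caller.

-- Weak: search_path is inherited from the caller, so the unqualified
-- table "pwds" and even the "=" operator are resolved in whatever schemas
-- the caller has placed in the path, while running with the definer's
-- privileges.
CREATE FUNCTION check_password_weak(uname TEXT, pass TEXT)
RETURNS BOOLEAN AS $$
DECLARE passed BOOLEAN;
BEGIN
    SELECT (pwd = pass) INTO passed FROM pwds WHERE username = uname;
    RETURN passed;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Hardened: trusted schemas first, pg_temp explicitly last. With this
-- commit the temp schema is no longer implicitly searched first, and it
-- is never consulted for functions or operators at all.
CREATE FUNCTION check_password(uname TEXT, pass TEXT)
RETURNS BOOLEAN AS $$
DECLARE
    passed   BOOLEAN;
    old_path TEXT;
BEGIN
    -- Schema-qualify the builtins used before the path has been secured.
    old_path := pg_catalog.current_setting('search_path');
    -- is_local = true: the caller's value is restored at transaction end
    -- even if an error aborts the function before the explicit restore.
    PERFORM pg_catalog.set_config('search_path', 'admin, pg_temp', true);

    SELECT (pwd = pass) INTO passed FROM pwds WHERE username = uname;

    PERFORM pg_catalog.set_config('search_path', old_path, true);
    RETURN passed;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Limit who may invoke the definer function in the first place.
REVOKE ALL ON FUNCTION check_password(TEXT, TEXT) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION check_password(TEXT, TEXT) TO app_user;
```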