Re: Fixes for missing schema qualifications

From: Noah Misch <noah(at)leadboat(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>
Cc: Postgres hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Fixes for missing schema qualifications
Date: 2018-11-30 06:29:04
Message-ID: 20181130062904.GA2774301@rfd.leadboat.com
Lists: pgsql-hackers

On Thu, Nov 29, 2018 at 04:20:24PM +0900, Michael Paquier wrote:
> From what I can see in my backlog, this never actually got into the
> tree, and it seems to me that fixing those issues is always better than
> nothing:
> https://www.postgresql.org/message-id/20180309075538.GD9376@paquier.xyz
>
> Any thoughts? This does not reinvent the wheel..

On Fri, Mar 09, 2018 at 04:55:38PM +0900, Michael Paquier wrote:
> Subject: [PATCH] Fix missing schema qualifications in code
>
> Per CVE-2018-1058, not using proper schema qualifications can allow an
> attacker who has an account on the server to execute arbitrary code as a
> superuser even if he has no such rights. After monitoring the whole
> code of Postgres, I have bumped into four places that need to be
> addressed:

This patch provides no meaningful increment in security or reliability, but it
does improve stylistic consistency. Fine to proceed on those grounds, but
this description doesn't fit.

> --- a/src/test/modules/worker_spi/worker_spi.c
> +++ b/src/test/modules/worker_spi/worker_spi.c
> @@ -115,7 +115,9 @@ initialize_worker_spi(worktable *table)
>
> /* XXX could we use CREATE SCHEMA IF NOT EXISTS? */
> initStringInfo(&buf);
> - appendStringInfo(&buf, "select count(*) from pg_namespace where nspname = '%s'",
> + appendStringInfo(&buf,
> + "select pg_catalog.count(*) "
> + "from pg_catalog.pg_namespace where nspname = '%s'",
> table->schema);
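
Review bot: the `=` comparison on nspname in the added query string is still looked up through search_path, so this hunk qualifies count(*) and pg_namespace but leaves the operator unqualified. If full qualification is the goal, write the predicate as nspname OPERATOR(pg_catalog.=) '%s'. Separately, table->schema is placed inside a single-quoted literal via '%s' with no literal quoting visible in this hunk; passing it through quote_literal_cstr() and dropping the hand-written quotes would make that robust.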

Remove this change. The rest of the file doesn't schema-qualify, which is
appropriate for code implementing a test case.
