upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-13 07:43:11 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
Base de données relationnelle
61572 commits 38 branches 674 tags 836 MiB
C 84.9%
PLpgSQL 6.1%
Perl 4.7%
Yacc 1.2%
Meson 0.7%
Other 2.2%
Find a file
Peter Eisentraut 0cd69b3d7e Restrict virtual columns to use built-in functions and types 
Just like selecting from a view is exploitable (CVE-2024-7348),
selecting from a table with virtual generated columns is exploitable.
Users who are concerned about this can avoid selecting from views, but
telling them to avoid selecting from tables is less practical.

To address this, this changes it so that generation expressions for
virtual generated columns are restricted to using built-in functions
and types, and the columns are restricted to having a built-in type.
We assume that built-in functions and types cannot be exploited for
this purpose.

In the future, this could be expanded by some new mechanism to declare
other functions and types as safe or trusted for this purpose, but
that is to be designed.

(An alternative approach might have been to expand the
restrict_nonsystem_relation_kind GUC to handle this, like the fix for
CVE-2024-7348.  But that is kind of an ugly approach.  That fix had to
fit in the constraints of fixing an ancient vulnerability in all
branches.  Since virtual generated columns are new, we're free from
the constraints of the past, and we can and should use cleaner
options.)

Reported-by: Feike Steenbergen <feikesteenbergen@gmail.com>
Reviewed-by: jian he <jian.universality@gmail.com>
Discussion: https://www.postgresql.org/message-id/flat/CAK_s-G2Q7de8Q0qOYUR%3D_CTB5FzzVBm5iZjOp%2BmeVWpMpmfO0w%40mail.gmail.com
2025-06-25 09:56:49 +02:00
.github Add CODE_OF_CONDUCT.md, CONTRIBUTING.md, and SECURITY.md. 2024-07-02 13:03:58 -05:00
config Include _mm512_zextsi128_si512() in AVX-512 configure probes. 2025-06-23 11:50:21 -04:00
contrib Make query jumbling also squash PARAM_EXTERN params 2025-06-24 19:36:32 +02:00
doc Restrict virtual columns to use built-in functions and types 2025-06-25 09:56:49 +02:00
src Restrict virtual columns to use built-in functions and types 2025-06-25 09:56:49 +02:00
.cirrus.star Remove duplicate words in docs and code comments. 2023-10-09 09:18:47 +05:30
.cirrus.tasks.yml ci: Check for missing dependencies in meson builds 2025-04-09 22:01:58 +02:00
.cirrus.yml ci: Test NetBSD and OpenBSD 2025-02-12 09:40:07 -05:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add script to keep .editorconfig in sync with .gitattributes 2025-02-01 10:09:45 +01:00
.git-blame-ignore-revs Add commit b27644bad to .git-blame-ignore-revs. 2025-06-15 13:11:04 -04:00
.gitattributes Add script to keep .editorconfig in sync with .gitattributes 2025-02-01 10:09:45 +01:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
.mailmap Add a Git .mailmap file 2024-11-05 13:56:02 +01:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Include _mm512_zextsi128_si512() in AVX-512 configure probes. 2025-06-23 11:50:21 -04:00
configure.ac Make our usage of memset_s() conform strictly to the C11 standard. 2025-05-18 12:45:55 -04:00
COPYRIGHT Align organization wording in copyright statement 2025-05-16 11:20:07 -04:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Remove AIX support 2024-02-28 15:17:23 +04:00
meson.build Include _mm512_zextsi128_si512() in AVX-512 configure probes. 2025-06-23 11:50:21 -04:00
meson_options.txt Add support for basic NUMA awareness 2025-04-07 23:08:17 +02:00
README.md Revise the style of a paragraph in README.md. 2024-03-21 10:16:41 -05:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/devel/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/devel/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.