postgresql/src/include
Tom Lane 3af35f8d40 Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
2008-01-03 21:23:45 +00:00
access GIN index build's allocatedMemory counter needs to be long, not uint32. 2007-11-16 21:50:13 +00:00
bootstrap pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
catalog Add a defense to prevent core dumps if 8.2 version of rank_cd() is used with 2006-12-28 01:09:04 +00:00
commands Fix my oversight in enabling domains-of-domains: ALTER DOMAIN ADD CONSTRAINT 2007-05-11 20:18:21 +00:00
executor Repair problems occurring when multiple RI updates have to be done to the same 2007-08-15 19:15:55 +00:00
lib Update copyright for 2006. Update scripts. 2006-03-05 15:59:11 +00:00
libpq Fix recently-understood problems with handling of XID freezing, particularly 2006-11-05 22:42:10 +00:00
mb pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
nodes Rewrite make_outerjoininfo's construction of min_lefthand and min_righthand 2007-08-31 01:44:14 +00:00
optimizer Keep the planner from failing on "WHERE false AND something IN (SELECT ...)". 2007-10-04 20:44:55 +00:00
parser pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
port Back-patch mingw configure-check for gettimeofday so that 8.2 can 2007-11-29 16:44:26 +00:00
postmaster Implement a chunking protocol for writes to the syslogger pipe, with messages 2007-06-14 01:49:39 +00:00
regex Fix assorted security-grade bugs in the regex engine. All of these problems 2008-01-03 20:48:49 +00:00
rewrite Get rid of the separate RULE privilege for tables: now only a table's owner 2006-09-05 21:08:36 +00:00
storage Back-port changes of Jan 16 and 17 to "revoke" pending fsync requests during 2007-01-27 20:15:47 +00:00
tcop On platforms that have getrlimit(RLIMIT_STACK), use it to ensure that 2006-10-07 19:25:29 +00:00
utils Improve the performance of LIKE/regex estimation in non-C locales, by making 2007-11-07 22:37:33 +00:00
c.h Allow Borland CC to compile libpq and psql. 2007-01-11 02:40:12 +00:00
fmgr.h pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
funcapi.h pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
getaddrinfo.h pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
getopt_long.h Update copyright for 2006. Update scripts. 2006-03-05 15:59:11 +00:00
Makefile Allow installation into directories containing spaces in the name. 2005-12-09 21:19:36 +00:00
miscadmin.h Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:23:45 +00:00
pg_config.h.in Back-patch mingw configure-check for gettimeofday so that 8.2 can 2007-11-29 16:44:26 +00:00
pg_config.h.win32 Fix missed version-stamping. 2007-09-14 14:05:52 +00:00
pg_config_manual.h Add built-in userlock manipulation functions to replace the former 2006-09-18 22:40:40 +00:00
pg_trace.h pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
pgstat.h Remove the pgstat_drop_relation() call from smgr_internal_unlink(), because 2007-07-08 22:23:25 +00:00
pgtime.h Fix up timetz input so that a date is required only when the specified 2006-10-18 16:43:14 +00:00
port.h Back-patch mingw configure-check for gettimeofday so that 8.2 can 2007-11-29 16:44:26 +00:00
postgres.h Allow include files to compile on their own. 2006-07-13 16:49:20 +00:00
postgres_ext.h Pgindent run for 8.0. 2004-08-29 05:07:03 +00:00
postgres_fe.h Update copyright for 2006. Update scripts. 2006-03-05 15:59:11 +00:00
rusagestub.h Update copyright for 2006. Update scripts. 2006-03-05 15:59:11 +00:00