mirror of
https://github.com/postgres/postgres.git
synced 2026-02-17 17:55:04 -05:00
01e8182c73
The two methods don't cooperate, so set_config_option("search_path",
...) has been ineffective under non-empty overrideStack. This defect
enabled an attacker having database-level CREATE privilege to execute
arbitrary code as the bootstrap superuser. While that particular attack
requires v13+ for the trusted extension attribute, other attacks are
feasible in all supported versions.
Standardize on the combination of NewGUCNestLevel() and
set_config_option("search_path", ...). It is newer than
PushOverrideSearchPath(), more-prevalent, and has no known
disadvantages. The "override" mechanism remains for now, for
compatibility with out-of-tree code. Users should update such code,
which likely suffers from the same sort of vulnerability closed here.
Back-patch to v11 (all supported versions).
Alexander Lakhin. Reported by Alexander Lakhin.
Security: CVE-2023-2454
|
||
|---|---|---|
| .. | ||
| data | ||
| expected | ||
| sql | ||
| .gitignore | ||
| Makefile | ||
| seg--1.0--1.1.sql | ||
| seg--1.1--1.2.sql | ||
| seg--1.1.sql | ||
| seg--1.2--1.3.sql | ||
| seg--1.3--1.4.sql | ||
| seg-validate.pl | ||
| seg.c | ||
| seg.control | ||
| segdata.h | ||
| segparse.y | ||
| segscan.l | ||
| sort-segments.pl | ||