upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-26 03:11:02 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Noah Misch 537cbd35c8 Prevent privilege escalation in explicit calls to PL validators. 
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
2014-02-17 09:33:31 -05:00
..
backend Prevent privilege escalation in explicit calls to PL validators. 2014-02-17 09:33:31 -05:00
bin Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
common Fix unsafe references to errno within error messaging logic. 2014-01-29 20:04:43 -05:00
include Prevent privilege escalation in explicit calls to PL validators. 2014-02-17 09:33:31 -05:00
interfaces Improve libpq's error recovery for connection loss during COPY. 2014-02-12 17:50:57 -05:00
makefiles Flush a stray definition of $(DLLTOOL). 2014-02-11 12:59:48 -05:00
pl Prevent privilege escalation in explicit calls to PL validators. 2014-02-17 09:33:31 -05:00
port Fix unportable coding in tarCreateHeader(). 2014-02-16 20:01:18 -05:00
template Revert to using --enable-auto-import in Cygwin builds. 2014-02-16 15:14:04 -05:00
test Shore up ADMIN OPTION restrictions. 2014-02-17 09:33:31 -05:00
timezone Centralize getopt-related declarations in a new header file pg_getopt.h. 2014-02-15 14:31:30 -05:00
tools Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00
tutorial Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
bcc32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
DEVELOPERS Replace a couple of references to files that no longer exist in the source 2009-05-04 08:08:47 +00:00
Makefile Create libpgcommon, and move pg_malloc et al to it 2013-02-12 11:21:05 -03:00
Makefile.global.in Cygwin build fixes. 2014-02-11 12:10:52 -05:00
Makefile.shlib Tweak position of $(DLL_DEFFILE) in shared-library link commands. 2014-02-12 11:22:23 -05:00
nls-global.mk Remove maintainer-check target, fold into normal build 2013-10-10 20:11:56 -04:00
win32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00