upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-14 14:42:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/include
History
Tom Lane 5579726bd6 In extensions, don't replace objects not belonging to the extension. 
Previously, if an extension script did CREATE OR REPLACE and there was
an existing object not belonging to the extension, it would overwrite
the object and adopt it into the extension.  This is problematic, first
because the overwrite is probably unintentional, and second because we
didn't change the object's ownership.  Thus a hostile user could create
an object in advance of an expected CREATE EXTENSION command, and would
then have ownership rights on an extension object, which could be
modified for trojan-horse-type attacks.

Hence, forbid CREATE OR REPLACE of an existing object unless it already
belongs to the extension.  (Note that we've always forbidden replacing
an object that belongs to some other extension; only the behavior for
previously-free-standing objects changes here.)

For the same reason, also fail CREATE IF NOT EXISTS when there is
an existing object that doesn't belong to the extension.

Our thanks to Sven Klemm for reporting this problem.

Security: CVE-2022-2625
2022-08-08 11:12:31 -04:00
..
access Force immediate commit after CREATE DATABASE etc in extended protocol. 2022-07-26 13:07:03 -04:00
bootstrap Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
catalog In extensions, don't replace objects not belonging to the extension. 2022-08-08 11:12:31 -04:00
commands Fix ENABLE/DISABLE TRIGGER to handle recursion correctly 2022-08-05 09:47:02 +02:00
common Move connect.h from fe_utils to src/include/common. 2020-08-10 09:22:58 -07:00
datatype Update copyright for 2019 2019-01-02 12:44:25 -05:00
executor Re-add SPICleanup for ABI compatibility in stable branch 2022-07-18 19:33:46 +02:00
fe_utils Fix parallel restore of FKs to partitioned tables 2019-10-17 09:58:01 +02:00
foreign Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
jit jit: Do not try to shut down LLVM state in case of LLVM triggered errors. 2021-09-13 18:26:18 -07:00
lib Fix incorrect hash table resizing code in simplehash.h 2021-08-13 16:43:13 +12:00
libpq Harden be-gssapi-common.h for headerscheck 2021-11-26 17:00:29 -03:00
mb Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
nodes Fix ENABLE/DISABLE TRIGGER to handle recursion correctly 2022-08-05 09:47:02 +02:00
optimizer Fix pull_varnos' miscomputation of relids set for a PlaceHolderVar. 2021-01-21 15:37:23 -05:00
parser Calculate extraUpdatedCols in query rewriter, not parser. 2020-10-28 13:47:02 -04:00
partitioning Fix hash partition pruning with asymmetric partition sets. 2021-01-28 13:41:55 -05:00
port Remove unnecessary declaration in win32_port.h 2021-06-08 13:40:10 +09:00
portability Update copyright for 2019 2019-01-02 12:44:25 -05:00
postmaster Fix race condition between shutdown and unstarted background workers. 2020-12-24 17:00:43 -05:00
regex Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
replication Fix the logical replication timeout during large transactions. 2022-05-11 10:25:56 +05:30
rewrite Calculate extraUpdatedCols in query rewriter, not parser. 2020-10-28 13:47:02 -04:00
snowball Update copyright for 2019 2019-01-02 12:44:25 -05:00
statistics Fix choose_best_statistics to check clauses individually 2019-11-28 22:26:25 +01:00
storage Fix lock assertions in dshash.c. 2022-07-11 15:51:47 +12:00
tcop Restore the portal-level snapshot after procedure COMMIT/ROLLBACK. 2021-05-21 14:03:53 -04:00
tsearch Don't leak compiled regex(es) when an ispell cache entry is dropped. 2021-03-18 21:44:43 -04:00
utils Suppress compiler warning in relptr_store(). 2022-03-26 14:29:52 -04:00
.gitignore Refactor dlopen() support 2018-09-06 11:33:04 +02:00
c.h pg_attribute_no_sanitize_alignment() macro 2021-02-13 17:49:08 -05:00
fmgr.h Fix minor violations of FunctionCallInvoke usage protocol. 2020-04-21 14:23:58 -04:00
funcapi.h Avoid holding a directory FD open across assorted SRF calls. 2020-03-16 21:05:53 -04:00
getaddrinfo.h Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
getopt_long.h Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
Makefile Get rid of jsonpath_gram.h and jsonpath_scanner.h 2019-03-20 11:13:34 +03:00
miscadmin.h Refactor CHECK_FOR_INTERRUPTS() to add flexibility. 2021-05-14 12:54:26 -04:00
pg_config.h.in Suppress warning about stack_base_ptr with late-model GCC. 2022-02-17 22:45:34 -05:00
pg_config.h.win32 Stamp 12.11. 2022-05-09 17:18:31 -04:00
pg_config_ext.h.in Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
pg_config_ext.h.win32 Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
pg_config_manual.h Update copyright for 2019 2019-01-02 12:44:25 -05:00
pg_getopt.h Use our own getopt() on OpenBSD. 2019-01-18 15:06:26 -05:00
pg_trace.h Update copyright for 2019 2019-01-02 12:44:25 -05:00
pgstat.h Fix waiting in RegisterSyncRequest(). 2022-03-16 15:38:13 +13:00
pgtar.h Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
pgtime.h Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
port.h Add fallback implementation for setenv() 2021-06-01 09:27:31 +09:00
postgres.h Change function call information to be variable length. 2019-01-26 14:17:52 -08:00
postgres_ext.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
postgres_fe.h Update copyright for 2019 2019-01-02 12:44:25 -05:00
rusagestub.h Update copyright for 2019 2019-01-02 12:44:25 -05:00
windowapi.h Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00