upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-19 02:29:10 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src/include
History
Masahiko Sawada e81e53a0c1 Restrict accesses to non-system views and foreign tables during pg_dump. 
When pg_dump retrieves the list of database objects and performs the
data dump, there was possibility that objects are replaced with others
of the same name, such as views, and access them. This vulnerability
could result in code execution with superuser privileges during the
pg_dump process.

This issue can arise when dumping data of sequences, foreign
tables (only 13 or later), or tables registered with a WHERE clause in
the extension configuration table.

To address this, pg_dump now utilizes the newly introduced
restrict_nonsystem_relation_kind GUC parameter to restrict the
accesses to non-system views and foreign tables during the dump
process. This new GUC parameter is added to back branches too, but
these changes do not require cluster recreation.

Back-patch to all supported branches.

Reviewed-by: Noah Misch
Security: CVE-2024-7348
Backpatch-through: 12
2024-08-05 06:05:25 -07:00
..
access Ensure vacuum removes all visibly dead tuples older than OldestXmin 2024-07-19 12:05:51 -04:00
backup Move basebackup code to new directory src/backend/backup 2022-08-10 14:03:09 -04:00
bootstrap Apply PGDLLIMPORT markings broadly. 2022-04-08 08:16:38 -04:00
catalog Cope with inplace update making catcache stale during TOAST fetch. 2024-06-27 19:21:11 -07:00
commands Fix concurrent update issues with MERGE. 2023-03-13 10:23:42 +00:00
common Fix corner-case 64-bit integer subtraction bug on some platforms. 2023-11-09 09:54:22 +00:00
datatype Fix overflow hazards in interval input and output conversions. 2022-04-02 16:12:29 -04:00
executor Fix confusion about the return rowtype of SQL-language procedures. 2024-03-12 18:16:10 -04:00
fe_utils Allow db.schema.table patterns, but complain about random garbage. 2022-04-20 11:37:29 -04:00
foreign Update copyright for 2022 2022-01-07 19:04:57 -05:00
jit llvmjit: Use explicit LLVMContextRef for inlining 2023-11-17 10:21:34 +01:00
lib simplehash: Free collisions array in SH_STAT 2024-04-07 19:09:04 -07:00
libpq Fix handling of SCRAM-SHA-256's channel binding with RSA-PSS certificates 2023-02-15 10:12:31 +09:00
mb Move is_valid_ascii() to ascii.h. 2024-01-29 12:09:08 -06:00
nodes Ensure we allocate NAMEDATALEN bytes for names in Index Only Scans 2024-05-01 13:22:16 +12:00
optimizer Account for optimized MinMax aggregates during SS_finalize_plan. 2024-05-18 14:31:35 -04:00
parser Avoid unnecessary plancache revalidation of utility statements. 2023-08-24 12:02:40 -04:00
partitioning Refactor and cleanup runtime partition prune code a little 2022-04-05 11:46:48 +02:00
port Fix fallback implementation for pg_atomic_test_set_flag(). 2023-11-15 15:04:34 -06:00
portability Update copyright for 2022 2022-01-07 19:04:57 -05:00
postmaster Un-revert "Disable STARTUP_PROGRESS_TIMEOUT in standby mode." 2023-02-10 16:27:05 -05:00
regex Cope with <regex.h> name clashes. 2024-07-06 10:53:13 +12:00
replication Fix possibility of logical decoding partial transaction changes. 2024-07-11 22:48:16 +09:00
rewrite Fix calculation of which GENERATED columns need to be updated. 2023-01-05 14:12:17 -05:00
snowball Update copyright for 2022 2022-01-07 19:04:57 -05:00
statistics Add stxdinherit flag to pg_statistic_ext_data 2022-01-16 13:38:01 +01:00
storage Lock before setting relhassubclass on RELKIND_PARTITIONED_INDEX. 2024-06-27 19:21:10 -07:00
tcop Restrict accesses to non-system views and foreign tables during pg_dump. 2024-08-05 06:05:25 -07:00
tsearch Add comments and a missing CHECK_FOR_INTERRUPTS in ts_headline. 2022-11-21 17:07:07 -05:00
utils Update comment in portal.h. 2024-08-01 17:45:04 +09:00
.gitignore Refactor dlopen() support 2018-09-06 11:33:04 +02:00
c.h perl: Hide warnings inside perl.h when using gcc compatible compiler 2023-01-02 15:49:33 -08:00
fmgr.h Pre-beta mechanical code beautification. 2022-05-12 15:17:30 -04:00
funcapi.h Rename SetSingleFuncCall() to InitMaterializedSRF() 2022-10-18 10:22:40 +09:00
getaddrinfo.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
getopt_long.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
Makefile Build in some knowledge about foreign-key relationships in the catalogs. 2021-02-02 17:11:55 -05:00
miscadmin.h Process session_preload_libraries within InitPostgres's transaction. 2022-07-25 10:27:43 -04:00
pg_config.h.in Fix macro placement in pg_config.h.in 2024-07-26 14:16:40 +02:00
pg_config_ext.h.in Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
pg_config_manual.h Fix old-fd issues using global barriers everywhere. 2022-05-07 16:47:29 +12:00
pg_getopt.h Apply PGDLLIMPORT markings broadly. 2022-04-08 08:16:38 -04:00
pg_trace.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
pgstat.h Fix assertion failure when updating stats_fetch_consistency in a transaction 2023-05-10 11:24:40 +09:00
pgtar.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
pgtime.h Apply PGDLLIMPORT markings broadly. 2022-04-08 08:16:38 -04:00
port.h pg_basebackup: Fix cross-platform tablespace relocation. 2022-10-21 08:31:39 -04:00
postgres.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
postgres_ext.h Phase 2 of pgindent updates. 2017-06-21 15:19:25 -04:00
postgres_fe.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
rusagestub.h Update copyright for 2022 2022-01-07 19:04:57 -05:00
windowapi.h Update copyright for 2022 2022-01-07 19:04:57 -05:00