upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-10 10:11:28 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Alvaro Herrera e8b8eb9376 Fix priv checks for ALTER <object> DEPENDS ON EXTENSION 
Marking an object as dependant on an extension did not have any
privilege check whatsoever; this allowed any user to mark objects as
droppable by anyone able to DROP EXTENSION, which could be used to cause
system-wide havoc.  Disallow by checking that the calling user owns the
mentioned object.

(No constraints are placed on the extension.)

Security: CVE-2020-1720
Reported-by: Tom Lane
Discussion: 31605.1566429043@sss.pgh.pa.us
2020-02-10 12:06:25 -03:00
..
backend Fix priv checks for ALTER <object> DEPENDS ON EXTENSION 2020-02-10 12:06:25 -03:00
bin Translation updates 2020-02-10 12:57:12 +01:00
common Fix portability failure introduced in commits d2b0b60e7 et al. 2018-12-26 15:30:30 -05:00
fe_utils Fix translation of special characters in psql's LaTeX output modes. 2018-11-26 17:32:51 -05:00
include Fix CheckAttributeType's handling of collations for ranges. 2020-01-31 17:03:55 -05:00
interfaces Translation updates 2020-02-10 12:57:12 +01:00
makefiles Select CFLAGS_SL at configure time, not in platform-specific Makefiles. 2019-10-21 12:32:36 -04:00
pl Translation updates 2019-11-11 10:27:46 +01:00
port In pgwin32_open, loop after ERROR_ACCESS_DENIED only if we can't stat. 2019-12-21 17:39:36 -05:00
template Select CFLAGS_SL at configure time, not in platform-specific Makefiles. 2019-10-21 12:32:36 -04:00
test When a TAP file has non-zero exit status, retain temporary directories. 2020-02-05 08:27:17 -08:00
timezone Update time zone data files to tzdata release 2019c. 2019-09-20 19:54:20 -04:00
tools Handle spaces in OpenSSL install location for MSVC 2019-10-04 15:39:02 -04:00
tutorial Update copyright for 2016 2016-01-02 13:33:40 -05:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
bcc32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
DEVELOPERS Replace a couple of references to files that no longer exist in the source 2009-05-04 08:08:47 +00:00
Makefile Install TAP test infrastructure so it's available for extension testing. 2016-09-23 15:50:00 -04:00
Makefile.global.in Select CFLAGS_SL at configure time, not in platform-specific Makefiles. 2019-10-21 12:32:36 -04:00
Makefile.shlib Ensure static libraries have correct mod time even if ranlib messes it up. 2018-11-29 15:53:44 -05:00
nls-global.mk nls-global.mk: search build dir for source files, too 2016-06-07 18:55:18 -04:00
win32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00