mirror of https://github.com/postgres/postgres.git synced 2025-09-02 04:21:28 +03:00

Replace last PushOverrideSearchPath() call with set_config_option().

The two methods don't cooperate, so set_config_option("search_path",
...) has been ineffective under non-empty overrideStack.  This defect
enabled an attacker having database-level CREATE privilege to execute
arbitrary code as the bootstrap superuser.  While that particular attack
requires v13+ for the trusted extension attribute, other attacks are
feasible in all supported versions.

Standardize on the combination of NewGUCNestLevel() and
set_config_option("search_path", ...).  It is newer than
PushOverrideSearchPath(), more-prevalent, and has no known
disadvantages.  The "override" mechanism remains for now, for
compatibility with out-of-tree code.  Users should update such code,
which likely suffers from the same sort of vulnerability closed here.
Back-patch to v11 (all supported versions).

Alexander Lakhin.  Reported by Alexander Lakhin.

Security: CVE-2023-2454
Noah Misch
2023-05-08 06:14:07 -07:00
parent 76a3e1d7a8
commit 01e8182c73
7 changed files with 165 additions and 11 deletions


@@ -13,7 +13,7 @@ PGFILEDESC = "seg - line segment data type"
HEADERS = segdata.h
REGRESS = seg
REGRESS = security seg
EXTRA_CLEAN = y.tab.c y.tab.h
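
Review bot: the REGRESS line now lists `security` ahead of `seg`, but nothing in this hunk says whether that order is required, and the files the new test depends on are not visible here. If `security` has to run before `seg`, a one-line comment above REGRESS would keep a later edit from reordering the list. Also confirm that the matching sql/ script and expected/ output for `security` are part of the same commit, since a REGRESS entry without them fails the regression run.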