database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-11-22 12:22:45 +03:00
Code Activity

Fix search_path to a safe value during maintenance operations.

Browse Source 
While executing maintenance operations (ANALYZE, CLUSTER, REFRESH
MATERIALIZED VIEW, REINDEX, or VACUUM), set search_path to
'pg_catalog, pg_temp' to prevent inconsistent behavior.

Functions that are used for functional indexes, in index expressions,
or in materialized views and depend on a different search path must be
declared with CREATE FUNCTION ... SET search_path='...'.

This change addresses a security risk introduced in commit 60684dd834,
where a role with MAINTAIN privileges on a table may be able to
escalate privileges to the table owner. That commit is not yet part of
any release, so no need to backpatch.

Discussion: https://postgr.es/m/e44327179e5c9015c8dda67351c04da552066017.camel%40j-davis.com
Reviewed-by: Greg Stark
Reviewed-by: Nathan Bossart
This commit is contained in:
Jeff Davis
2023-06-09 11:20:47 -07:00
parent 9aee26a491
commit 05e1737351
15 changed files with 48 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/backend/catalog/index.c
View File

@@ -1475,6 +1475,8 @@ index_concurrently_build(Oid heapRelationId,
SetUserIdAndSecContext(heapRel->rd_rel->relowner,
save_sec_context | SECURITY_RESTRICTED_OPERATION);
save_nestlevel = NewGUCNestLevel();
SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET,
PGC_S_SESSION);
indexRelation = index_open(indexRelationId, RowExclusiveLock);
@@ -3006,6 +3008,8 @@ index_build(Relation heapRelation,
SetUserIdAndSecContext(heapRelation->rd_rel->relowner,
save_sec_context | SECURITY_RESTRICTED_OPERATION);
save_nestlevel = NewGUCNestLevel();
SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET,
PGC_S_SESSION);
/* Set up initial progress report status */
{
@@ -3341,6 +3345,8 @@ validate_index(Oid heapId, Oid indexId, Snapshot snapshot)
SetUserIdAndSecContext(heapRelation->rd_rel->relowner,
save_sec_context | SECURITY_RESTRICTED_OPERATION);
save_nestlevel = NewGUCNestLevel();
SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET,
PGC_S_SESSION);
indexRelation = index_open(indexId, RowExclusiveLock);
@@ -3601,6 +3607,8 @@ reindex_index(Oid indexId, bool skip_constraint_checks, char persistence,
SetUserIdAndSecContext(heapRelation->rd_rel->relowner,
save_sec_context | SECURITY_RESTRICTED_OPERATION);
save_nestlevel = NewGUCNestLevel();
SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET,
PGC_S_SESSION);
if (progress)
{