database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-19 23:22:23 +03:00
Code Activity

Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,

Browse Source 
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
This commit is contained in:
Tom Lane
2008-01-03 21:25:00 +00:00
parent 69abe8294b
commit 108b19d860
11 changed files with 184 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/backend/commands/schemacmds.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/commands/schemacmds.c,v 1.27 2004/12/31 21:59:41 pgsql Exp $
* $PostgreSQL: pgsql/src/backend/commands/schemacmds.c,v 1.27.4.1 2008/01/03 21:25:00 tgl Exp $
*
*-------------------------------------------------------------------------
*/
@@ -46,9 +46,10 @@ CreateSchemaCommand(CreateSchemaStmt *stmt)
const char *owner_name;
AclId owner_userid;
AclId saved_userid;
bool saved_secdefcxt;
AclResult aclresult;
saved_userid = GetUserId();
GetUserIdAndContext(&saved_userid, &saved_secdefcxt);
/*
* Figure out user identities.
@@ -71,7 +72,7 @@ CreateSchemaCommand(CreateSchemaStmt *stmt)
* (This will revert to session user on error or at the end of
* this routine.)
*/
SetUserId(owner_userid);
SetUserIdAndContext(owner_userid, true);
}
else
{
@@ -151,7 +152,7 @@ CreateSchemaCommand(CreateSchemaStmt *stmt)
PopSpecialNamespace(namespaceId);
/* Reset current user */
SetUserId(saved_userid);
SetUserIdAndContext(saved_userid, saved_secdefcxt);
}