Fix bug that allowed any logged-in user to SET ROLE to any other database user

id (CVE-2006-0553). Also fix related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, the Assert-crash risk exists in all releases back to 7.3. Thanks to Akio Ishida for reporting this problem.
2025-07-07 00:36:50 +03:00 · 2006-02-12 22:32:43 +00:00
parent 2a5180c26e
commit 226a980bb0
4 changed files with 22 additions and 11 deletions
--- a/src/include/utils/guc_tables.h
+++ b/src/include/utils/guc_tables.h
@ -7,7 +7,7 @@
 *
 * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
 *
- *	  $PostgreSQL: pgsql/src/include/utils/guc_tables.h,v 1.20 2005/07/14 05:13:44 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/include/utils/guc_tables.h,v 1.21 2006/02/12 22:32:43 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -126,6 +126,7 @@ struct config_generic
 #define GUC_DISALLOW_IN_FILE	0x0040	/* can't set in postgresql.conf */
 #define GUC_CUSTOM_PLACEHOLDER	0x0080	/* placeholder for custom variable */
 #define GUC_SUPERUSER_ONLY		0x0100	/* show only to superusers */
+#define GUC_IS_NAME				0x0200	/* limit string to NAMEDATALEN-1 */

 /* bit values in status field */
 #define GUC_HAVE_TENTATIVE	0x0001		/* tentative value is defined */