database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-21 16:02:15 +03:00
Code Activity

Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,

Browse Source 
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
This commit is contained in:
Tom Lane
2008-01-03 21:23:15 +00:00
parent 98f27aaef3
commit eedb068c0a
13 changed files with 237 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/include/miscadmin.h
View File

@ -13,7 +13,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.198 2008/01/01 19:45:56 momjian Exp $
* $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.199 2008/01/03 21:23:15 tgl Exp $
*
* NOTES
* some of the information in this file should be moved to other files.
@ -234,12 +234,13 @@ extern void SetDatabasePath(const char *path);
extern char *GetUserNameFromId(Oid roleid);
extern Oid GetUserId(void);
extern void SetUserId(Oid userid);
extern Oid GetOuterUserId(void);
extern Oid GetSessionUserId(void);
extern void GetUserIdAndContext(Oid *userid, bool *sec_def_context);
extern void SetUserIdAndContext(Oid userid, bool sec_def_context);
extern bool InSecurityDefinerContext(void);
extern void InitializeSessionUserId(const char *rolename);
extern void InitializeSessionUserIdStandalone(void);
extern void AtAbort_UserId(void);
extern void SetSessionAuthorization(Oid userid, bool is_superuser);
extern Oid GetCurrentRoleId(void);
extern void SetCurrentRoleId(Oid roleid, bool is_superuser);