postgresql/src/backend/commands
Noah Misch 537cbd35c8 Prevent privilege escalation in explicit calls to PL validators.
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly.  Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve.  Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061
2014-02-17 09:33:31 -05:00
aggregatecmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
alter.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
analyze.c Fix compute_scalar_stats() for case that all values exceed WIDTH_THRESHOLD. 2014-01-11 13:42:42 -05:00
async.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
cluster.c Separate multixact freezing parameters from xid's 2014-02-13 19:36:31 -03:00
collationcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
comment.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
constraint.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
conversioncmds.c Make various variables const (read-only). 2014-01-18 16:04:32 -05:00
copy.c Speed up COPY into tables with DEFAULT nextval() 2014-01-20 17:22:38 +00:00
createas.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
dbcommands.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
define.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
discard.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
dropcmds.c Make DROP IF EXISTS more consistently not fail 2014-01-23 14:40:29 -03:00
event_trigger.c Mark some more variables as static or include the appropriate header 2014-02-08 21:21:46 -05:00
explain.c Include planning time in EXPLAIN ANALYZE output. 2014-01-29 16:09:15 -05:00
extension.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
foreigncmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
functioncmds.c Prevent privilege escalation in explicit calls to PL validators. 2014-02-17 09:33:31 -05:00
indexcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
lockcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
Makefile Add a materialized view relations. 2013-03-03 18:23:31 -06:00
matview.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
opclasscmds.c Make DROP IF EXISTS more consistently not fail 2014-01-23 14:40:29 -03:00
operatorcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
portalcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
prepare.c Include planning time in EXPLAIN ANALYZE output. 2014-01-29 16:09:15 -05:00
proclang.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
schemacmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
seclabel.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
sequence.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
tablecmds.c Make DROP IF EXISTS more consistently not fail 2014-01-23 14:40:29 -03:00
tablespace.c Fix unsafe references to errno within error messaging logic. 2014-01-29 20:04:43 -05:00
trigger.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
tsearchcmds.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
typecmds.c Make DROP IF EXISTS more consistently not fail 2014-01-23 14:40:29 -03:00
user.c Shore up ADMIN OPTION restrictions. 2014-02-17 09:33:31 -05:00
vacuum.c Separate multixact freezing parameters from xid's 2014-02-13 19:36:31 -03:00
vacuumlazy.c Separate multixact freezing parameters from xid's 2014-02-13 19:36:31 -03:00
variable.c Update copyright for 2014 2014-01-07 16:05:30 -05:00
view.c Update copyright for 2014 2014-01-07 16:05:30 -05:00