rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
33,697 Commits 36 Branches 606 Tags 423 MiB
C 86%
PLpgSQL 5.5%
Perl 4.1%
Yacc 1.3%
Makefile 0.7%
Other 2.3%
Go to file
Tom Lane ad0009e7be Force PL and range-type support functions to be owned by a superuser. 
We allow non-superusers to create procedural languages (with restrictions)
and range datatypes.  Previously, the automatically-created support
functions for these objects ended up owned by the creating user.  This
represents a rather considerable security hazard, because the owning user
might be able to alter a support function's definition in such a way as to
crash the server, inject trojan-horse SQL code, or even execute arbitrary
C code directly.  It appears that right now the only actually exploitable
problem is the infinite-recursion bug fixed in the previous patch for
CVE-2012-2655.  However, it's not hard to imagine that future additions of
more ALTER FUNCTION capability might unintentionally open up new hazards.
To forestall future problems, cause these support functions to be owned by
the bootstrap superuser, not the user creating the parent object.
 		2012-05-30 23:47:57 -04:00
config Put back AC_REQUIRE([AC_STRUCT_TM]). 2012-05-14 23:06:48 -04:00
contrib Fix incorrect password transformation in contrib/pgcrypto's DES crypt(). 2012-05-30 10:53:30 -04:00
doc Rewrite --section option to decouple it from --schema-only/--data-only. 2012-05-29 23:22:14 -04:00
src Force PL and range-type support functions to be owned by a superuser. 2012-05-30 23:47:57 -04:00
.gitignore Add gitignore for mingw/cygwin build outputs 2011-06-09 18:11:47 +02:00
COPYRIGHT Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
GNUmakefile.in Add isolation test to check-world and installcheck-world 2012-03-05 20:19:20 +02:00
Makefile Allow make check in PL directories 2011-02-15 06:52:12 +02:00
README Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
README.git Trivial typo fix. 2010-09-21 14:16:00 -04:00
aclocal.m4 Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
configure Put back AC_REQUIRE([AC_STRUCT_TM]). 2012-05-14 23:06:48 -04:00
configure.in Remove unused AC_DEFINE symbols 2012-05-14 22:51:21 +03:00

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	http://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Changes between all PostgreSQL releases are recorded in the
file HISTORY.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
http://www.postgresql.org/download/.  For more information look at our
web site located at http://www.postgresql.org/.