aboutsummaryrefslogtreecommitdiff
path: root/src/backend/access/gist/gist.c
diff options
context:
space:
mode:
authorNoah Misch <noah@leadboat.com>2019-12-08 11:06:26 -0800
committerNoah Misch <noah@leadboat.com>2019-12-08 11:06:29 -0800
commitcc4371dc345392777aa419ca872b28c4169a797b (patch)
tree501efcf5370f40303ca1344d0e0d11999db7bb90 /src/backend/access/gist/gist.c
parentba62bb63b399dcd6e80817b1c73ead9d87ecc311 (diff)
downloadpostgresql-cc4371dc345392777aa419ca872b28c4169a797b.tar.gz
postgresql-cc4371dc345392777aa419ca872b28c4169a797b.zip
Document search_path security with untrusted dbowner or CREATEROLE.
Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that certain schema usage patterns are secure against CREATEROLE users and database owners. When an untrusted user is the database owner or holds CREATEROLE privilege, a query is secure only if its session started with SELECT pg_catalog.set_config('search_path', '', false) or equivalent. Back-patch to 9.4 (all supported versions). Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com
Diffstat (limited to 'src/backend/access/gist/gist.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-20 17:34:37 +0000