path: root/src/backend/access/transam/commit_ts.c
author Noah Misch <noah@leadboat.com> 2019-12-08 11:06:26 -0800
committer Noah Misch <noah@leadboat.com> 2019-12-08 11:06:30 -0800
commit b97857b67659afda917bef87ac03bb99781db878
tree 5901798c9e8c96f3cb11964a183284ef7ebbae5d /src/backend/access/transam/commit_ts.c
parent 731ab0a284f43048f66516d5b3b642819035ba1a
Document search_path security with untrusted dbowner or CREATEROLE.
Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that certain schema usage patterns are secure against CREATEROLE users and database owners. When an untrusted user is the database owner or holds CREATEROLE privilege, a query is secure only if its session started with SELECT pg_catalog.set_config('search_path', '', false) or equivalent.

Back-patch to 9.4 (all supported versions).

Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com
Diffstat (limited to 'src/backend/access/transam/commit_ts.c')
0 files changed, 0 insertions, 0 deletions