diff options
| author | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:31 -0500 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2014-02-17 09:33:33 -0500 |
| commit | 1d701d28a796ea2d1a4d2be9e9ee06209eaea040 (patch) | |
| tree | 539b23c188cada8390ff3fbfd5b6577eb457fd27 /src/backend/commands/functioncmds.c | |
| parent | 15a8f97b9d16aaf659f58c981242b9da591cf24c (diff) | |
| download | postgresql-1d701d28a796ea2d1a4d2be9e9ee06209eaea040.tar.gz postgresql-1d701d28a796ea2d1a4d2be9e9ee06209eaea040.zip | |
Prevent privilege escalation in explicit calls to PL validators.
The primary role of PL validators is to be called implicitly during
CREATE FUNCTION, but they are also normal functions that a user can call
explicitly. Add a permissions check to each validator to ensure that a
user cannot use explicit validator calls to achieve things he could not
otherwise achieve. Back-patch to 8.4 (all supported versions).
Non-core procedural language extensions ought to make the same two-line
change to their own validators.
Andres Freund, reviewed by Tom Lane and Noah Misch.
Security: CVE-2014-0061
Diffstat (limited to 'src/backend/commands/functioncmds.c')
| -rw-r--r-- | src/backend/commands/functioncmds.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c index 9ba6dd8fcf1..ea74b5e9170 100644 --- a/src/backend/commands/functioncmds.c +++ b/src/backend/commands/functioncmds.c @@ -997,7 +997,6 @@ CreateFunction(CreateFunctionStmt *stmt, const char *queryString) prorows); } - /* * Guts of function deletion. * |