path: root/src/backend/commands/functioncmds.c
author: Noah Misch <noah@leadboat.com> 2014-02-17 09:33:31 -0500
committer: Noah Misch <noah@leadboat.com> 2014-02-17 09:33:32 -0500
commit: fc4a04a3c4f49ac8a74241401ffd5118c4d00842
tree: 2f54d5fb41c13d0fdcb85b2f6df93ba8a48c80e3 /src/backend/commands/functioncmds.c
parent: 475a1fbc41a120ea3bd5f903e37c48d7a1769ff8

Prevent privilege escalation in explicit calls to PL validators.

The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators.

Andres Freund, reviewed by Tom Lane and Noah Misch.

Security: CVE-2014-0061

Diffstat (limited to 'src/backend/commands/functioncmds.c')
-rw-r--r-- src/backend/commands/functioncmds.c 1
1 files changed, 0 insertions, 1 deletions
diff --git a/src/backend/commands/functioncmds.c b/src/backend/commands/functioncmds.c
index c776758b51f..30e163d4229 100644
--- a/src/backend/commands/functioncmds.c
+++ b/src/backend/commands/functioncmds.c
@@ -986,7 +986,6 @@ CreateFunction(CreateFunctionStmt *stmt, const char *queryString)
prorows);
}
-
/*
* Guts of function deletion.
*
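
Review bot: The single deleted line before the "Guts of function deletion" comment is an empty line, so this hunk is whitespace-only and has no bearing on the validator permissions check the commit message describes. For a security fix that is back-patched to every supported branch, consider dropping it or moving it to a separate cosmetic commit: it adds nothing to the fix and can only create avoidable conflicts when the patch is applied to older branches. If it is kept, a word in the commit message would save readers of the functioncmds.c diffstat (0 insertions, 1 deletion) from hunting for a behavioural change here.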