author: Tom Lane <tgl@sss.pgh.pa.us> 2007-04-20 02:37:49 +0000
committer: Tom Lane <tgl@sss.pgh.pa.us> 2007-04-20 02:37:49 +0000
commit: d694bdd1c9a2f4042f74fbc1f5e4e82f99aa4aac
tree: b247d3ec5441bd5b6f02cb67357b758b833d1626 /src/backend/executor/nodeSubplan.c
parent: 4e6c6a40e0a516fc84d7dd3f9bced47755d43361

Support explicit placement of the temporary-table schema within search_path.

This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators.

Security: CVE-2007-2138

Diffstat (limited to 'src/backend/executor/nodeSubplan.c')
0 files changed, 0 insertions, 0 deletions