aboutsummaryrefslogtreecommitdiff
path: root/src/backend/tcop/postgres.c
diff options
context:
space:
mode:
authorNoah Misch <noah@leadboat.com>2019-12-08 11:06:26 -0800
committerNoah Misch <noah@leadboat.com>2019-12-08 11:06:26 -0800
commitfd5e16e782fc6cd829b27e2c83c623b8020e5774 (patch)
treeadc31cd2ad7c5ccaded0f2e4b6afdbec927850a0 /src/backend/tcop/postgres.c
parenta395e21e989af0c2aab9dd1b1e0a1842ca42a063 (diff)
downloadpostgresql-fd5e16e782fc6cd829b27e2c83c623b8020e5774.tar.gz
postgresql-fd5e16e782fc6cd829b27e2c83c623b8020e5774.zip
Document search_path security with untrusted dbowner or CREATEROLE.
Commit 5770172cb0c9df9e6ce27c507b449557e5b45124 wrote, incorrectly, that certain schema usage patterns are secure against CREATEROLE users and database owners. When an untrusted user is the database owner or holds CREATEROLE privilege, a query is secure only if its session started with SELECT pg_catalog.set_config('search_path', '', false) or equivalent. Back-patch to 9.4 (all supported versions). Discussion: https://postgr.es/m/20191013013512.GC4131753@rfd.leadboat.com
Diffstat (limited to 'src/backend/tcop/postgres.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 23:22:20 +0000