aboutsummaryrefslogtreecommitdiff
path: root/src/tutorial/advanced.source
diff options
context:
space:
mode:
authorNoah Misch <noah@leadboat.com>2014-02-17 09:33:31 -0500
committerNoah Misch <noah@leadboat.com>2014-02-17 09:33:33 -0500
commit1d701d28a796ea2d1a4d2be9e9ee06209eaea040 (patch)
tree539b23c188cada8390ff3fbfd5b6577eb457fd27 /src/tutorial/advanced.source
parent15a8f97b9d16aaf659f58c981242b9da591cf24c (diff)
downloadpostgresql-1d701d28a796ea2d1a4d2be9e9ee06209eaea040.tar.gz
postgresql-1d701d28a796ea2d1a4d2be9e9ee06209eaea040.zip
Prevent privilege escalation in explicit calls to PL validators.
The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061
Diffstat (limited to 'src/tutorial/advanced.source')
0 files changed, 0 insertions, 0 deletions