From 537cbd35c893e67a63c59bc636c3e888bd228bc7 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 17 Feb 2014 09:33:31 -0500 Subject: Prevent privilege escalation in explicit calls to PL validators. The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061 --- src/include/fmgr.h | 1 + 1 file changed, 1 insertion(+) (limited to 'src/include/fmgr.h') diff --git a/src/include/fmgr.h b/src/include/fmgr.h index 455c0890840..aed81cdc26b 100644 --- a/src/include/fmgr.h +++ b/src/include/fmgr.h @@ -629,6 +629,7 @@ extern Oid get_call_expr_argtype(fmNodePtr expr, int argnum); extern bool get_fn_expr_arg_stable(FmgrInfo *flinfo, int argnum); extern bool get_call_expr_arg_stable(fmNodePtr expr, int argnum); extern bool get_fn_expr_variadic(FmgrInfo *flinfo); +extern bool CheckFunctionValidatorAccess(Oid validatorOid, Oid functionOid); /* * Routines in dfmgr.c -- cgit v1.2.3