git.postgresql.org Git - postgresql.git/commit
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
Mon, 9 May 2022 15:35:08 +0000 (08:35 -0700)
commit a117cebd638dd02e5c2e791c25e43745f233111b
Make relation-enumerating operations be security-restricted operations.
When a feature enumerates relations and runs functions associated with
all found relations, the feature's user shall not need to trust every
user having permission to create objects. BRIN-specific functionality
in autovacuum neglected to account for this, as did pg_amcheck and
CLUSTER. An attacker having permission to create non-temp objects in at
least one schema could execute arbitrary SQL functions under the
identity of the bootstrap superuser. CREATE INDEX (not a
relation-enumerating operation) and REINDEX protected themselves too
late. This change extends to the non-enumerating amcheck interface.
Back-patch to v10 (all supported versions).
Sergey Shinderuk, reviewed (in earlier versions) by Alexander Lakhin.
Reported by Alexander Lakhin.
Security: CVE-2022-1552
This is the main PostgreSQL git repository.
RSS
Atom