[COMMITTERS] pgsql: Make standard maintenance operations (including VACUUM, ANALYZE,

Mon, 07 Jan 2008 11:31:59 -0800 

Log Message:
-----------
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600

Tags:
----
REL7_4_STABLE

Modified Files:
--------------
    pgsql/doc/src/sgml/ref:
        set_session_auth.sgml (r1.11 -> r1.11.2.1)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/ref/set_session_auth.sgml?r1=1.11&r2=1.11.2.1)
    pgsql/src/backend/access/transam:
        xact.c (r1.156.2.4 -> r1.156.2.5)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/access/transam/xact.c?r1=1.156.2.4&r2=1.156.2.5)
    pgsql/src/backend/catalog:
        index.c (r1.219.2.2 -> r1.219.2.3)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/index.c?r1=1.219.2.2&r2=1.219.2.3)
    pgsql/src/backend/commands:
        schemacmds.c (r1.16 -> r1.16.4.1)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/schemacmds.c?r1=1.16&r2=1.16.4.1)
        vacuum.c (r1.263.2.3 -> r1.263.2.4)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/vacuum.c?r1=1.263.2.3&r2=1.263.2.4)
        variable.c (r1.88.2.3 -> r1.88.2.4)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/variable.c?r1=1.88.2.3&r2=1.88.2.4)
    pgsql/src/backend/utils/adt:
        ri_triggers.c (r1.63.2.1 -> r1.63.2.2)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/adt/ri_triggers.c?r1=1.63.2.1&r2=1.63.2.2)
    pgsql/src/backend/utils/fmgr:
        fmgr.c (r1.76.2.1 -> r1.76.2.2)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/fmgr/fmgr.c?r1=1.76.2.1&r2=1.76.2.2)
    pgsql/src/backend/utils/init:
        miscinit.c (r1.116 -> r1.116.2.1)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/miscinit.c?r1=1.116&r2=1.116.2.1)
    pgsql/src/include:
        miscadmin.h (r1.134 -> r1.134.2.1)
        
(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/miscadmin.h?r1=1.134&r2=1.134.2.1)

---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster

Reply via email to