Add missing checks to some of pageinspect's BRIN functions brin_page_type() and brin_metapage_info() did not enforce being called by superuser, like other pageinspect functions that take bytea do. Since they don't verify the passed page thoroughly, it is possible to use them to read the server memory with a carefully crafted bytea value, up to a file kilobytes from where the input bytea is located.
Have them throw errors if called by a non-superuser. Report and initial patch: Andreas Seltenreich Security: CVE-2016-3065 Branch ------ REL9_5_STABLE Details ------- http://git.postgresql.org/pg/commitdiff/bf78a6f107949fdfb513d1b45e30cefe04e09e4f Modified Files -------------- contrib/pageinspect/brinfuncs.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
