pgsql: In security-restricted operations, block enqueue of at-commit us
| От | Noah Misch |
|---|---|
| Тема | pgsql: In security-restricted operations, block enqueue of at-commit us |
| Дата | |
| Msg-id | [email protected] обсуждение исходный текст |
| Список | pgsql-committers |
In security-restricted operations, block enqueue of at-commit user code. Specifically, this blocks DECLARE ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. An attacker having permission to create non-temp objects in at least one schema could execute arbitrary SQL functions under the identity of the bootstrap superuser. One can work around the vulnerability by disabling autovacuum and not manually running ANALYZE, CLUSTER, REINDEX, CREATE INDEX, VACUUM FULL, or REFRESH MATERIALIZED VIEW. (Don't restore from pg_dump, since it runs some of those commands.) Plain VACUUM (without FULL) is safe, and all commands are fine when a trusted user owns the target object. Performance may degrade quickly under this workaround, however. Back-patch to 9.5 (all supported versions). Reviewed by Robert Haas. Reported by Etienne Stalmans. Security: CVE-2020-25695 Branch ------ REL_11_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/43ebfea5a988582e9edc752cb1e22e929edac03b Modified Files -------------- contrib/postgres_fdw/connection.c | 4 +++ src/backend/access/transam/xact.c | 13 +++++----- src/backend/commands/portalcmds.c | 5 ++++ src/backend/commands/trigger.c | 12 +++++++++ src/test/regress/expected/privileges.out | 42 ++++++++++++++++++++++++++++++++ src/test/regress/sql/privileges.sql | 34 ++++++++++++++++++++++++++ 6 files changed, 104 insertions(+), 6 deletions(-)
В списке pgsql-committers по дате отправления: