Support explicit placement of the temporary-table schema within search_path.
This is needed to allow a security-definer function to set a truly secure value of search_path. Without it, a malicious user can use temporary objects to execute code with the privileges of the security-definer function. Even pushing the temp schema to the back of the search path is not quite good enough, because a function or operator at the back of the path might still capture control from one nearer the front due to having a more exact datatype match. Hence, disable searching the temp schema altogether for functions and operators.

Security: CVE-2007-2138
Showing
- doc/src/sgml/config.sgml 12 additions, 4 deletions
- doc/src/sgml/ref/create_function.sgml 49 additions, 1 deletion
- doc/src/sgml/release.sgml 148 additions, 32 deletions
- src/backend/catalog/aclchk.c 2 additions, 2 deletions
- src/backend/catalog/namespace.c 179 additions, 27 deletions
- src/test/regress/expected/temp.out 58 additions, 0 deletions
- src/test/regress/sql/temp.sql 33 additions, 0 deletions
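An added example, not code from this commit or from the PostgreSQL sources: a security-definer function that pins its search_path with the temp schema placed explicitly last, followed by a catalog query that lists security-definer functions lacking such a setting. It assumes a current PostgreSQL release (function-level `SET` clause, the `pg_temp` alias, `LATERAL`); the schema, table, role and function names are hypothetical.

```sql
-- Added example: all schema, table, role and function names are hypothetical.
CREATE SCHEMA admin;
CREATE TABLE admin.pwds (username text PRIMARY KEY, pwd text NOT NULL);
CREATE ROLE app_user;

CREATE FUNCTION admin.check_password(uname text, pass text)
RETURNS boolean
LANGUAGE plpgsql
SECURITY DEFINER
-- Trusted schema first, temp schema explicitly last. Without the explicit
-- pg_temp entry the temp schema is searched first for tables and views.
SET search_path = admin, pg_temp
AS $$
DECLARE
    passed boolean;
BEGIN
    SELECT (p.pwd = pass) INTO passed
    FROM pwds AS p              -- resolves to admin.pwds under the pinned path
    WHERE p.username = uname;
    RETURN COALESCE(passed, false);
END;
$$;

-- EXECUTE is granted to PUBLIC by default; restrict it to the intended role.
REVOKE ALL ON FUNCTION admin.check_password(text, text) FROM PUBLIC;
GRANT USAGE ON SCHEMA admin TO app_user;
GRANT EXECUTE ON FUNCTION admin.check_password(text, text) TO app_user;

-- Audit: security-definer functions with no pinned search_path, or with one
-- that does not end in pg_temp. Each row is a candidate for review.
SELECT n.nspname                                 AS schema_name,
       p.proname                                 AS function_name,
       pg_get_function_identity_arguments(p.oid) AS args,
       cfg.setting                               AS search_path_setting
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
LEFT JOIN LATERAL (
    SELECT c AS setting
    FROM unnest(p.proconfig) AS c
    WHERE c LIKE 'search_path=%'
) AS cfg ON true
WHERE p.prosecdef
  AND (cfg.setting IS NULL
       OR cfg.setting !~ '(^|[=, ])"?pg_temp"?\s*$')
ORDER BY 1, 2;
```

Functions the audit query returns can be fixed in place with `ALTER FUNCTION ... SET search_path = <trusted schemas>, pg_temp`.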