summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTom Lane2018-02-05 19:43:41 +0000
committerTom Lane2018-02-05 19:44:10 +0000
commit01b2db1cd6673a94cc5249aa25b34e7d98535c11 (patch)
tree44d901da30d10578abb3b07a6c106d46543ee026
parent790808b37736798c4da776bd91d8440d0e856e11 (diff)
Last-minute updates for release notes.
Security: CVE-2018-1052, CVE-2018-1053
-rw-r--r--doc/src/sgml/release-9.3.sgml22
1 files changed, 22 insertions, 0 deletions
diff --git a/doc/src/sgml/release-9.3.sgml b/doc/src/sgml/release-9.3.sgml
index 8be44e33f61..6d339db8d33 100644
--- a/doc/src/sgml/release-9.3.sgml
+++ b/doc/src/sgml/release-9.3.sgml
@@ -35,6 +35,28 @@
<listitem>
<para>
+ Ensure that all temporary files made
+ by <application>pg_upgrade</application> are non-world-readable
+ (Tom Lane, Noah Misch)
+ </para>
+
+ <para>
+ <application>pg_upgrade</application> normally restricts its
+ temporary files to be readable and writable only by the calling user.
+ But the temporary file containing <literal>pg_dumpall -g</literal>
+ output would be group- or world-readable, or even writable, if the
+ user's <literal>umask</literal> setting allows. In typical usage on
+ multi-user machines, the <literal>umask</literal> and/or the working
+ directory's permissions would be tight enough to prevent problems;
+ but there may be people using <application>pg_upgrade</application>
+ in scenarios where this oversight would permit disclosure of database
+ passwords to unfriendly eyes.
+ (CVE-2018-1053)
+ </para>
+ </listitem>
+
+ <listitem>
+ <para>
Fix vacuuming of tuples that were updated while key-share locked
(Andres Freund, &Aacute;lvaro Herrera)
</para>