From 218cf59b60c526258f14e672000f59496b227639 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 3 Jan 2008 21:25:58 +0000 Subject: Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600 --- src/include/miscadmin.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'src/include/miscadmin.h') diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h index 1dbd737db3b..7f7894b597a 100644 --- a/src/include/miscadmin.h +++ b/src/include/miscadmin.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: miscadmin.h,v 1.111 2002/10/03 17:07:53 momjian Exp $ + * $Id: miscadmin.h,v 1.111.2.1 2008/01/03 21:25:58 tgl Exp $ * * NOTES * some of the information in this file should be moved to @@ -203,9 +203,10 @@ extern void SetDatabasePath(const char *path); extern char *GetUserNameFromId(Oid userid); extern Oid GetUserId(void); -extern void SetUserId(Oid userid); extern Oid GetSessionUserId(void); -extern void SetSessionUserId(Oid userid); +extern void GetUserIdAndContext(Oid *userid, bool *sec_def_context); +extern void SetUserIdAndContext(Oid userid, bool sec_def_context); +extern bool InSecurityDefinerContext(void); extern void InitializeSessionUserId(const char *username); extern void InitializeSessionUserIdStandalone(void); extern void SetSessionAuthorization(Oid userid); -- cgit v1.2.3