Home > mailing lists

Re: temporary functions (and other object types) - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: temporary functions (and other object types)
Date	November 6, 2010 15:37:09
Msg-id	19622.1289057818@sss.pgh.pa.us Whole thread Raw
In response to	Re: temporary functions (and other object types) (Martijn van Oosterhout <kleptog@svana.org>)
Responses	Re: temporary functions (and other object types)
List	pgsql-hackers

Tree view

Martijn van Oosterhout <kleptog@svana.org> writes:
> On Fri, Nov 05, 2010 at 09:01:50PM -0400, Robert Haas wrote:
>> I see that there could be a problem here with SECURITY DEFINER
>> functions, but I'm not clear whether it goes beyond that?

> IIRC correctly it's because even unpriveledged users can make things in
> the pg_temp schema and it's implicitly at the front of the search_path.
> There was a CVE about this a while back, no?

Yeah, we changed that behavior as part of the fix for CVE-2007-2138.
You'd need either SECURITY DEFINER functions or very careless use of
SET ROLE/SET SESSION AUTHORIZATION for the issue to be exploitable.
        regards, tom lane

pgsql-hackers by date:

From: Bruce Momjian
Date: 06 November 2010, 15:31:49
Subject: PL/pgSQL and shared_preload_libraries

From: Tom Lane
Date: 06 November 2010, 15:48:36
Subject: Re: Protecting against unexpected zero-pages: proposal

Re: temporary functions (and other object types) - Mailing list pgsql-hackers

Previous

Next