Home > mailing lists

pgsql: Add missing checks to some of pageinspect's BRIN functions - Mailing list pgsql-committers

From	Alvaro Herrera
Subject	pgsql: Add missing checks to some of pageinspect's BRIN functions
Date	March 31, 2016 16:55:53
Msg-id	E1akXin-0004aF-Ep@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Add missing checks to some of pageinspect's BRIN functions

brin_page_type() and brin_metapage_info() did not enforce being called
by superuser, like other pageinspect functions that take bytea do.
Since they don't verify the passed page thoroughly, it is possible to
use them to read the server memory with a carefully crafted bytea value,
up to a file kilobytes from where the input bytea is located.

Have them throw errors if called by a non-superuser.

Report and initial patch: Andreas Seltenreich

Security: CVE-2016-3065

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/3e1338475ffc2eac25de60a9de9ce689b763aced

Modified Files
--------------
contrib/pageinspect/brinfuncs.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)

pgsql-committers by date:

From: Stephen Frost
Date: 31 March 2016, 16:55:52
Subject: pgsql: Reset plan->row_security_env and planUserId

From: Tom Lane
Date: 31 March 2016, 21:49:39
Subject: pgsql: Support using index-only scans with partial indexes in more case

pgsql: Add missing checks to some of pageinspect's BRIN functions - Mailing list pgsql-committers

Previous

Next