Home > mailing lists

pgsql: Add missing checks to some of pageinspect's BRIN functions - Mailing list pgsql-committers

From	Alvaro Herrera
Subject	pgsql: Add missing checks to some of pageinspect's BRIN functions
Date	March 31, 2016 16:55:41
Msg-id	E1akXin-0004aG-Et@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Add missing checks to some of pageinspect's BRIN functions

brin_page_type() and brin_metapage_info() did not enforce being called
by superuser, like other pageinspect functions that take bytea do.
Since they don't verify the passed page thoroughly, it is possible to
use them to read the server memory with a carefully crafted bytea value,
up to a file kilobytes from where the input bytea is located.

Have them throw errors if called by a non-superuser.

Report and initial patch: Andreas Seltenreich

Security: CVE-2016-3065

Branch
------
REL9_5_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/bf78a6f107949fdfb513d1b45e30cefe04e09e4f

Modified Files
--------------
contrib/pageinspect/brinfuncs.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)

pgsql-committers by date:

From: Tom Lane
Date: 31 March 2016, 16:55:40
Subject: pgsql: Last-minute updates for release notes.

From: Stephen Frost
Date: 31 March 2016, 16:55:52
Subject: pgsql: Reset plan->row_security_env and planUserId

pgsql: Add missing checks to some of pageinspect's BRIN functions - Mailing list pgsql-committers

Previous

Next