Require update permission for the large object written by lo_put().
lo_put() surely should require UPDATE permission, the same as lowrite(),
but it failed to check for that, as reported by Chapman Flack. Oversight
in commit c50b7c09d; backpatch to 9.4 where that was introduced.
Tom Lane and Michael Paquier
Security: CVE-2017-7548
Branch
------
REL9_4_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/f1cda6d6cbb2b551331802cab57957fa5307cf2c
Modified Files
--------------
src/backend/libpq/be-fsstubs.c | 12 ++++++++++++
src/test/regress/expected/privileges.out | 10 ++++++++++
src/test/regress/sql/privileges.sql | 4 ++++
3 files changed, 26 insertions(+)
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
✖
By continuing to browse this website, you agree to the use of cookies. Go to Privacy Policy.
