Revision 23b5a85e60c464ab8bc438a547a4b15260ca9453 authored by Noah Misch on 17 February 2014, 14:33:31 UTC, committed by Noah Misch on 17 February 2014, 14:33:36 UTC
The primary role of PL validators is to be called implicitly during CREATE FUNCTION, but they are also normal functions that a user can call explicitly. Add a permissions check to each validator to ensure that a user cannot use explicit validator calls to achieve things he could not otherwise achieve. Back-patch to 8.4 (all supported versions). Non-core procedural language extensions ought to make the same two-line change to their own validators. Andres Freund, reviewed by Tom Lane and Noah Misch. Security: CVE-2014-0061
1 parent 5d320a1
| File | Mode | Size |
|---|---|---|
| config | ||
| contrib | ||
| doc | ||
| src | ||
| .gitignore | -rw-r--r-- | 360 bytes |
| COPYRIGHT | -rw-r--r-- | 1.2 KB |
| GNUmakefile.in | -rw-r--r-- | 3.5 KB |
| HISTORY | -rw-r--r-- | 283 bytes |
| Makefile | -rw-r--r-- | 1.5 KB |
| README | -rw-r--r-- | 1.2 KB |
| README.git | -rw-r--r-- | 727 bytes |
| aclocal.m4 | -rw-r--r-- | 385 bytes |
| configure | -rwxr-xr-x | 850.2 KB |
| configure.in | -rw-r--r-- | 62.7 KB |
Computing file changes ...
