pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other

Поиск
Список
Период
Сортировка
От tgl@postgresql.org (Tom Lane)
Тема pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other
Дата
Msg-id 20060212223257.06A629DC84D@postgresql.org
обсуждение исходный текст
Список pgsql-committers
Дерево обсуждения 
Log Message:
-----------
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.

Tags:
----
REL8_1_STABLE

Modified Files:
--------------
    pgsql/src/backend/commands:
        variable.c (r1.114.2.1 -> r1.114.2.2)

(http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/commands/variable.c.diff?r1=1.114.2.1&r2=1.114.2.2)
    pgsql/src/backend/utils/mb:
        encnames.c (r1.26 -> r1.26.2.1)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/mb/encnames.c.diff?r1=1.26&r2=1.26.2.1)
    pgsql/src/backend/utils/misc:
        guc.c (r1.299.2.1 -> r1.299.2.2)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/misc/guc.c.diff?r1=1.299.2.1&r2=1.299.2.2)
    pgsql/src/include/utils:
        guc_tables.h (r1.20 -> r1.20.2.1)
        (http://developer.postgresql.org/cvsweb.cgi/pgsql/src/include/utils/guc_tables.h.diff?r1=1.20&r2=1.20.2.1)

В списке pgsql-committers по дате отправления:

Предыдущее
От: tgl@postgresql.org (Tom Lane)
Дата:
Сообщение: pgsql: Fix bug that allowed any logged-in user to SET ROLE to any other
Следующее
От: tgl@postgresql.org (Tom Lane)
Дата:
Сообщение: pgsql: Fix bug in SET SESSION AUTHORIZATION that allows unprivileged