| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Add missing checks to some of pageinspect's BRIN functions |
| Date: | 2016-03-28 14:00:45 |
| Message-ID: | E1akXin-0004aG-Et@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Add missing checks to some of pageinspect's BRIN functions
brin_page_type() and brin_metapage_info() did not enforce being called
by superuser, like other pageinspect functions that take bytea do.
Since they don't verify the passed page thoroughly, it is possible to
use them to read the server memory with a carefully crafted bytea value,
up to a file kilobytes from where the input bytea is located.
Have them throw errors if called by a non-superuser.
Report and initial patch: Andreas Seltenreich
Security: CVE-2016-3065
Branch
------
REL9_5_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/bf78a6f107949fdfb513d1b45e30cefe04e09e4f
Modified Files
--------------
contrib/pageinspect/brinfuncs.c | 25 +++++++++++++++++++++++--
1 file changed, 23 insertions(+), 2 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2016-03-28 15:32:28 | pgsql: Last-minute updates for release notes. |
| Previous Message | Stephen Frost | 2016-03-28 13:04:15 | pgsql: Reset plan->row_security_env and planUserId |