From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Again match pg_user_mappings to information_schema.user_mapping_ |
Date: | 2017-08-07 14:10:58 |
Message-ID: | E1deikE-0003Cf-0y@gemulon.postgresql.org |
Lists: | pgsql-committers |

Again match pg_user_mappings to information_schema.user_mapping_options.

Commit 3eefc51053f250837c3115c12f8119d16881a2d7 claimed to make
pg_user_mappings enforce the qualifications user_mapping_options had
been enforcing, but its removal of a longstanding restriction left them
distinct when the current user is the subject of a mapping yet has no
server privileges. user_mapping_options emits no rows for such a
mapping, but pg_user_mappings includes full umoptions. Change
pg_user_mappings to show null for umoptions. Back-patch to 9.2, like
the above commit.

Reviewed by Tom Lane. Reported by Jeff Janes.

Security: CVE-2017-7547

Branch
------
REL9_2_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/e255e97a2635cc74fd0efa41b6e872941995e237

Modified Files
--------------
doc/src/sgml/catalogs.sgml                 | 32 ++++++++++++++++++++++++------
src/backend/catalog/system_views.sql       |  4 +++-
src/test/regress/expected/foreign_data.out | 32 ++++++++++++++++--------------
src/test/regress/expected/rules.out        |  2 +-
src/test/regress/sql/foreign_data.sql      | 17 +++++++++-------
5 files changed, 57 insertions(+), 30 deletions(-)
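
A way to check the case the commit message describes on a given server, as an added example that is not part of the commit or its regression tests. The names demo_fdw, demo_srv and demo_user and the option values are constructed; it assumes a superuser session in a scratch database.

```sql
-- Added example; all object names and option values are constructed.
-- Run as a superuser in a scratch database; everything is rolled back.
BEGIN;

CREATE FOREIGN DATA WRAPPER demo_fdw;   -- no handler or validator needed
CREATE SERVER demo_srv FOREIGN DATA WRAPPER demo_fdw;
CREATE ROLE demo_user;                  -- receives no USAGE on demo_srv

-- demo_user is the subject of the mapping but holds no server privileges,
-- which is the case the commit message singles out.
CREATE USER MAPPING FOR demo_user SERVER demo_srv
    OPTIONS (user 'remote_account', password 'constructed-secret');

SET ROLE demo_user;

-- pg_user_mappings: per the commit, umoptions is shown as null here.
-- A non-null umoptions means the view definition predates this change.
SELECT srvname, usename, umoptions IS NULL AS options_hidden
  FROM pg_user_mappings
 WHERE srvname = 'demo_srv';

-- information_schema.user_mapping_options: the reference behaviour,
-- which emits no rows for such a mapping.
SELECT option_name, option_value
  FROM information_schema.user_mapping_options
 WHERE foreign_server_name = 'demo_srv';

RESET ROLE;

-- Contrast case: the same subject after being granted USAGE on the server.
GRANT USAGE ON FOREIGN SERVER demo_srv TO demo_user;
SET ROLE demo_user;

SELECT umoptions IS NULL AS options_hidden
  FROM pg_user_mappings
 WHERE srvname = 'demo_srv';

SELECT count(*) AS visible_options
  FROM information_schema.user_mapping_options
 WHERE foreign_server_name = 'demo_srv';

RESET ROLE;
ROLLBACK;
```

The two views agree when the first pair of queries returns a hidden umoptions and no option rows.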