pgsql: Avoid repeated table name lookups in createPartitionTable()

From: Alexander Korotkov <akorotkov(at)postgresql(dot)org>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Avoid repeated table name lookups in createPartitionTable()
Date: 2024-08-22 06:56:14
Message-ID: E1sh1jy-000tEJ-De@gemulon.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Avoid repeated table name lookups in createPartitionTable()

Currently, createPartitionTable() opens newly created table using its name.
This approach is prone to privilege escalation attack, because we might end
up opening another table than we just created.

This commit address the issue above by opening newly created table by its
OID. It appears to be tricky to get a relation OID out of ProcessUtility().
We have to extend TableLikeClause with new newRelationOid field, which is
filled within ProcessUtility() to be further accessed by caller.

Security: CVE-2014-0062
Reported-by: Noah Misch
Discussion: https://postgr.es/m/20240808171351.a9.nmisch%40google.com
Reviewed-by: Pavel Borisov, Dmitry Koval

Branch
------
REL_17_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/f636ab41aba215eaa3303e21a10f12d81357f1f6

Modified Files
--------------
src/backend/commands/tablecmds.c | 3 ++-
src/backend/parser/gram.y | 1 +
src/backend/tcop/utility.c | 6 ++++++
src/include/nodes/parsenodes.h | 1 +
4 files changed, 10 insertions(+), 1 deletion(-)

Browse pgsql-committers by date

  From Date Subject
Next Message Noah Misch 2024-08-22 07:09:17 pgsql: Fix attach of a previously-detached injection point.
Previous Message Alexander Korotkov 2024-08-22 06:51:03 pgsql: Avoid repeated table name lookups in createPartitionTable()