From: | Alexander Korotkov <akorotkov(at)postgresql(dot)org> |
---|---|
To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
Subject: | pgsql: Avoid repeated table name lookups in createPartitionTable() |
Date: | 2024-08-22 06:56:14 |
Message-ID: | E1sh1jy-000tEJ-De@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Avoid repeated table name lookups in createPartitionTable()
Currently, createPartitionTable() opens newly created table using its name.
This approach is prone to privilege escalation attack, because we might end
up opening another table than we just created.
This commit address the issue above by opening newly created table by its
OID. It appears to be tricky to get a relation OID out of ProcessUtility().
We have to extend TableLikeClause with new newRelationOid field, which is
filled within ProcessUtility() to be further accessed by caller.
Security: CVE-2014-0062
Reported-by: Noah Misch
Discussion: https://postgr.es/m/20240808171351.a9.nmisch%40google.com
Reviewed-by: Pavel Borisov, Dmitry Koval
Branch
------
REL_17_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/f636ab41aba215eaa3303e21a10f12d81357f1f6
Modified Files
--------------
src/backend/commands/tablecmds.c | 3 ++-
src/backend/parser/gram.y | 1 +
src/backend/tcop/utility.c | 6 ++++++
src/include/nodes/parsenodes.h | 1 +
4 files changed, 10 insertions(+), 1 deletion(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Noah Misch | 2024-08-22 07:09:17 | pgsql: Fix attach of a previously-detached injection point. |
Previous Message | Alexander Korotkov | 2024-08-22 06:51:03 | pgsql: Avoid repeated table name lookups in createPartitionTable() |