Tom Lane 108b19d860 Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using
the same privilege-switching mechanism already used for SECURITY DEFINER
functions.  The purpose of this change is to ensure that user-defined
functions used in index definitions cannot acquire the privileges of a
superuser account that is performing routine maintenance.  While a function
used in an index is supposed to be IMMUTABLE and thus not able to do anything
very interesting, there are several easy ways around that restriction; and
even if we could plug them all, there would remain a risk of reading sensitive
information and broadcasting it through a covert channel such as CPU usage.

To prevent bypassing this security measure, execution of SET SESSION
AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context.

Thanks to Itagaki Takahiro for reporting this vulnerability.

Security: CVE-2007-6600
2008-01-03 21:25:00 +00:00
config New version of mkinstalldirs fixes problems on Tru64 UNIX. 2005-01-08 09:54:29 +00:00
contrib Backpatch: Fix tsvector_out() and tsquery_out() to escape backslash, add test of that. 2007-11-16 17:17:52 +00:00
doc Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:25:00 +00:00
src Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX, 2008-01-03 21:25:00 +00:00
aclocal.m4
configure tag configure for 8.0.14 2007-09-14 21:34:29 +00:00
configure.in Provide a more helpful error message when there is an autoconf version 2007-12-31 17:28:05 +00:00
COPYRIGHT Tag appropriate files for rc3 2004-12-31 22:04:05 +00:00
GNUmakefile.in Add installcheck-parallel target to top level makefiles. 2006-08-18 19:59:05 +00:00
Makefile Add installcheck-parallel target to top level makefiles. 2006-08-18 19:59:05 +00:00
README
README.CVS

PostgreSQL Database Management System
=====================================
  
This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

The JDBC, ODBC, C++, Python, and Tcl interfaces have been moved to the
PostgreSQL Projects Web Site at http://gborg.postgresql.org for separate
maintenance.  A Perl DBI/DBD driver is available from CPAN.

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Changes between all PostgreSQL releases are recorded in the
file HISTORY.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
ftp://ftp.postgresql.org/pub/.  For more information look at our web
site located at http://www.postgresql.org/.