Go to file
Tom Lane 891e6e7bfd Require execute permission on the trigger function for CREATE TRIGGER.
This check was overlooked when we added function execute permissions to the
system years ago.  For an ordinary trigger function it's not a big deal,
since trigger functions execute with the permissions of the table owner,
so they couldn't do anything the user issuing the CREATE TRIGGER couldn't
have done anyway.  However, if a trigger function is SECURITY DEFINER,
that is not the case.  The lack of checking would allow another user to
install it on his own table and then invoke it with, essentially, forged
input data; which the trigger function is unlikely to realize, so it might
do something undesirable, for instance insert false entries in an audit log
table.

Reported by Dinesh Kumar, patch by Robert Haas

Security: CVE-2012-0866
2012-02-23 15:38:56 -05:00
config Don't reject threaded Python on FreeBSD. 2012-02-20 16:21:28 -05:00
contrib Don't install hstore--1.0.sql any more. 2012-02-22 20:37:13 -05:00
doc Require execute permission on the trigger function for CREATE TRIGGER. 2012-02-23 15:38:56 -05:00
src Require execute permission on the trigger function for CREATE TRIGGER. 2012-02-23 15:38:56 -05:00
.gitignore Add gitignore for mingw/cygwin build outputs 2011-06-09 18:11:47 +02:00
aclocal.m4
configure Allow MinGW builds to use standardly-named OpenSSL libraries. 2012-02-23 15:05:08 -05:00
configure.in Allow MinGW builds to use standardly-named OpenSSL libraries. 2012-02-23 15:05:08 -05:00
COPYRIGHT Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
GNUmakefile.in Build src/ before contrib/ in make world 2011-08-24 21:34:49 +03:00
Makefile Allow make check in PL directories 2011-02-15 06:52:12 +02:00
README
README.git

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	http://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Changes between all PostgreSQL releases are recorded in the
file HISTORY.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
http://www.postgresql.org/download/.  For more information look at our
web site located at http://www.postgresql.org/.