SECURITY fix

This patch fixes a problem where low-privileged users can invoke the
LOAD extension to load arbitrary libraries into the postgres process
space.

ok peter.galbavy at knowtion.net
sturm 2005-02-05 15:11:58 +00:00
parent a483feba8a
commit b2d36339e6
2 changed files with 16 additions and 4 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.71 2005/01/02 00:23:28 alek Exp $
# $OpenBSD: Makefile,v 1.72 2005/02/05 15:11:58 sturm Exp $
COMMENT= "PostgreSQL RDBMS (client)"
COMMENT-server= "PostgreSQL RDBMS (server)"
@ -6,9 +6,9 @@ COMMENT-docs= "PostgreSQL RDBMS documentation"
VERSION= 7.4.3
DISTNAME= postgresql-${VERSION}
FULLPKGNAME= postgresql-client-${VERSION}p0
PKGNAME-server= postgresql-server-${VERSION}p0
PKGNAME-docs= postgresql-docs-${VERSION}p0
FULLPKGNAME= postgresql-client-${VERSION}p1
PKGNAME-server= postgresql-server-${VERSION}p1
PKGNAME-docs= postgresql-docs-${VERSION}p1
CATEGORIES= databases


@ -0,0 +1,12 @@
$OpenBSD: patch-src_backend_tcop_utility_c,v 1.1 2005/02/05 15:11:58 sturm Exp $
--- src/backend/tcop/utility.c.orig Sat Feb 5 13:02:05 2005
+++ src/backend/tcop/utility.c Sat Feb 5 13:03:10 2005
@@ -814,6 +814,8 @@ ProcessUtility(Node *parsetree,
{
LoadStmt *stmt = (LoadStmt *) parsetree;
+ if (!superuser())
+ elog(ERROR, "permission denied");
closeAllVfds(); /* probably not necessary... */
load_file(stmt->filename);
}
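Review bot: The added check reports the denial through `elog(ERROR, "permission denied")`, which does not say which statement was refused and, as far as I know, is classified in this PostgreSQL series as an internal error rather than a privilege failure, so clients and log monitoring cannot tell a blocked LOAD from a server fault. Consider `ereport(ERROR, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser to do LOAD")));` so that refused attempts by unprivileged roles are searchable in the server log. The placement ahead of `closeAllVfds()` and `load_file(stmt->filename)` is right, and a one-line comment such as `/* LOAD maps a shared library into the backend, so restrict it to superusers */` would keep the reason next to the check. The enclosing `ProcessUtility` switch starts and ends outside the hunk.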