projects / users / c2main / postgres.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b71e2bb) | patch
Fix bug that allowed any logged-in user to SET ROLE to any other database user
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 12 Feb 2006 22:32:57 +0000 (22:32 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 12 Feb 2006 22:32:57 +0000 (22:32 +0000)
commit20334a9e86bc4d57cd3fe8d2621d8fabb45420ae
treeb4bc58cbc8ce9af3b04b6d0a2e15e7ca4105207dtree
parentb71e2bb122cd660fd67868ff06b9d3b57d227237commit | diff
Fix bug that allowed any logged-in user to SET ROLE to any other database user
id (CVE-2006-0553).  Also fix related bug in SET SESSION AUTHORIZATION that
allows unprivileged users to crash the server, if it has been compiled with
Asserts enabled.  The escalation-of-privilege risk exists only in 8.1.0-8.1.2.
However, the Assert-crash risk exists in all releases back to 7.3.
Thanks to Akio Ishida for reporting this problem.
src/backend/commands/variable.c diff | blob | blame | history
src/backend/utils/mb/encnames.c diff | blob | blame | history
src/backend/utils/misc/guc.c diff | blob | blame | history
src/include/utils/guc_tables.h diff | blob | blame | history
Cedric's Stuff