upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-04-07 18:26:06 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/contrib
History
Masahiko Sawada 79c7a7e296 Restrict accesses to non-system views and foreign tables during pg_dump. 
When pg_dump retrieves the list of database objects and performs the
data dump, there was possibility that objects are replaced with others
of the same name, such as views, and access them. This vulnerability
could result in code execution with superuser privileges during the
pg_dump process.

This issue can arise when dumping data of sequences, foreign
tables (only 13 or later), or tables registered with a WHERE clause in
the extension configuration table.

To address this, pg_dump now utilizes the newly introduced
restrict_nonsystem_relation_kind GUC parameter to restrict the
accesses to non-system views and foreign tables during the dump
process. This new GUC parameter is added to back branches too, but
these changes do not require cluster recreation.

Back-patch to all supported branches.

Reviewed-by: Noah Misch
Security: CVE-2024-7348
Backpatch-through: 12
2024-08-05 06:05:17 -07:00
..
adminpack Read until EOF vice stat-reported size in read_binary_file 2020-07-04 06:28:44 -04:00
amcheck Backport BackgroundPsql perl test module 2024-06-27 19:01:25 +03:00
auth_delay Update copyright for 2019 2019-01-02 12:44:25 -05:00
auto_explain Fix ancient memory leak in contrib/auto_explain. 2021-02-02 13:49:08 -05:00
bloom Replace RelationOpenSmgr() with RelationGetSmgr(). 2022-11-17 16:54:31 -05:00
btree_gin btree_gin: Fix calculation of leftmost interval value. 2023-10-29 11:14:33 +00:00
btree_gist Fix results of index-only scans on btree_gist char(N) indexes. 2022-01-08 14:54:39 -05:00
citext CREATE INDEX: use the original userid for more ACL checks. 2022-06-25 09:07:45 -07:00
cube Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
dblink postgres_fdw: Fix unexpected reporting of empty message. 2021-12-03 17:37:19 +09:00
dict_int Ensure maxlen is at leat 1 in dict_int 2019-12-03 18:40:48 +01:00
dict_xsyn Update copyright for 2019 2019-01-02 12:44:25 -05:00
earthdistance Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
file_fdw Remove leftover comments, left behind by removal of WITH OIDS. 2020-11-30 10:29:26 +02:00
fuzzystrmatch Ensure Soundex difference() function handles empty input sanely. 2023-05-16 10:53:42 -04:00
hstore hstore: Tighten key/value parsing check for whitespaces 2023-06-12 09:14:19 +09:00
hstore_plperl Clean up PL/Perl's handling of the _() macro. 2019-06-02 12:23:39 -04:00
hstore_plpython In hstore_plpython, avoid crashing when return value isn't a mapping. 2023-04-27 11:55:06 -04:00
intagg Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
intarray Fix integer-overflow problem in intarray's g_int_decompress(). 2024-01-07 15:19:50 -05:00
isn Update copyright for 2019 2019-01-02 12:44:25 -05:00
jsonb_plperl Fix handling of "undef" in contrib/jsonb_plperl. 2019-08-04 14:05:35 -04:00
jsonb_plpython In jsonb_plpython.c, suppress warning message from gcc 10. 2020-01-30 18:26:13 -05:00
lo Fix bogus CALLED_AS_TRIGGER() defenses. 2020-04-03 11:24:56 -04:00
ltree Make contrib modules' installation scripts more secure. 2020-08-10 10:44:42 -04:00
ltree_plpython Fix out-of-tree build for transform modules. 2018-09-16 18:46:45 +01:00
oid2name Report the true database name on connection errors 2021-01-26 16:42:13 -03:00
pageinspect pageinspect: Fix failure with hash_bitmap_info() for partitioned indexes 2023-12-19 18:19:21 +09:00
passwordcheck Fix handling of previous password hooks in passwordcheck 2019-08-01 09:37:48 +09:00
pg_buffercache Remove WITH OIDS support, change oid catalog column visibility. 2018-11-20 16:00:17 -08:00
pg_freespacemap Replace heapam.h includes with {table, relation}.h where applicable. 2019-01-21 10:51:37 -08:00
pg_prewarm Replace RelationOpenSmgr() with RelationGetSmgr(). 2022-11-17 16:54:31 -05:00
pg_standby Replace @postgresql.org with @lists.postgresql.org for mailinglists 2019-01-19 19:06:35 +01:00
pg_stat_statements pg_stat_statements: fetch stmt location/length before it disappears. 2022-11-01 12:48:01 -04:00
pg_trgm Fix misbehavior in contrib/pg_trgm with an unsatisfiable regex. 2023-03-11 12:15:41 -05:00
pg_visibility Replace RelationOpenSmgr() with RelationGetSmgr(). 2022-11-17 16:54:31 -05:00
pgcrypto pgcrypto: Fix check for buffer size 2024-01-30 11:15:46 +01:00
pgrowlocks Adjust the order of the prechecks in pgrowlocks() 2023-10-31 16:44:27 +13:00
pgstattuple pgstattuple: Fix failure with pgstathashindex() for partitioned indexes 2023-12-19 15:20:55 +09:00
postgres_fdw Restrict accesses to non-system views and foreign tables during pg_dump. 2024-08-05 06:05:17 -07:00
seg Fix contrib/seg to be more wary of long input numbers. 2022-12-21 17:51:50 -05:00
sepgsql Adjust sepgsql expected output for 681d9e462 et al. 2023-05-08 11:24:47 -04:00
spi Fix more strcmp() calls using boolean-like comparisons for result checks 2019-04-12 10:16:49 +09:00
sslinfo Phase 3 of pgindent updates. 2017-06-21 15:35:54 -04:00
start-scripts Remove contrib/start-scripts/osx/. 2017-11-17 12:53:20 -05:00
tablefunc Disallow null category in crosstab_hash 2019-12-23 13:33:34 -05:00
tcn Update copyright for 2019 2019-01-02 12:44:25 -05:00
test_decoding Fix possibility of logical decoding partial transaction changes. 2024-07-11 22:48:08 +09:00
tsm_system_rows Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
tsm_system_time Phase 2 pgindent run for v12. 2019-05-22 13:04:48 -04:00
unaccent Add combining characters to unaccent.rules. 2019-02-01 15:23:01 +01:00
uuid-ossp Reject bogus output from uuid_create(3). 2022-09-09 12:41:36 -04:00
vacuumlo Report the true database name on connection errors 2021-01-26 16:42:13 -03:00
xml2 xml2: Replace deprecated routines with recommended ones 2024-04-16 12:26:21 +09:00
contrib-global.mk Respect TEMP_CONFIG when pg_regress_check and friends are called 2016-02-27 12:28:21 -05:00
Makefile Transforms for jsonb to PL/Perl 2018-04-03 09:47:18 -04:00
README Rename 'gmake' to 'make' in docs and recommended commands 2014-02-12 17:29:19 -05:00

README 

The PostgreSQL contrib tree
---------------------------

This subtree contains porting tools, analysis utilities, and plug-in
features that are not part of the core PostgreSQL system, mainly
because they address a limited audience or are too experimental to be
part of the main source tree.  This does not preclude their
usefulness.

User documentation for each module appears in the main SGML
documentation.

When building from the source distribution, these modules are not
built automatically, unless you build the "world" target.  You can
also build and install them all by running "make all" and "make
install" in this directory; or to build and install just one selected
module, do the same in that module's subdirectory.

Some directories supply new user-defined functions, operators, or
types.  To make use of one of these modules, after you have installed
the code you need to register the new SQL objects in the database
system by executing a CREATE EXTENSION command.  In a fresh database,
you can simply do

    CREATE EXTENSION module_name;

See the PostgreSQL documentation for more information about this
procedure.