upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-10 02:01:23 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Heikki Linnakangas d6a61cb3be Run REFRESH MATERIALIZED VIEW CONCURRENTLY in right security context 
The internal commands in REFRESH MATERIALIZED VIEW CONCURRENTLY are
correctly executed in SECURITY_RESTRICTED_OPERATION mode, except for
creating the temporary "diff" table, because you cannot create
temporary tables in SRO mode. But creating the temporary "diff" table
is a pretty complex CTAS command that selects from another temporary
table created earlier in the command. If you can cajole that CTAS
command to execute code defined by the table owner, the table owner
can run code with the privileges of the user running the REFRESH
command.

The proof-of-concept reported to the security team relied on CREATE
RULE to convert the internally-built temp table to a view. That's not
possible since commit b23cd185fd, and I was not able to find a
different way to turn the SELECT on the temp table into code
execution, so as far as I know this is only exploitable in v15 and
below. That's a fiddly assumption though, so apply this patch to
master and all stable versions.

Thanks to Pedro Gallegos for the report.

Security: CVE-2023-5869
Reviewed-by: Noah Misch
2024-02-05 11:02:56 +02:00
..
backend Run REFRESH MATERIALIZED VIEW CONCURRENTLY in right security context 2024-02-05 11:02:56 +02:00
bin Avoid package qualification of $windows_os 2024-02-01 15:33:58 -05:00
common Move is_valid_ascii() to ascii.h. 2024-01-29 12:09:03 -06:00
fe_utils Don't spuriously report FD_SETSIZE exhaustion on Windows. 2023-10-14 15:54:49 -07:00
include Sync PG_VERSION file in CREATE DATABASE. 2024-02-01 13:44:22 -08:00
interfaces Don't test already-referenced pointer for nullness 2024-01-16 12:27:52 +01:00
makefiles Use --strip-unneeded when stripping static libraries with GNU strip. 2023-04-20 18:12:32 -04:00
pl Fix plpgsql to allow new-style SQL CREATE FUNCTION as a SQL command. 2024-01-18 16:10:57 -05:00
port Meson: check for pg_config_paths.h left over from make 2023-08-24 10:33:48 +12:00
template Use unnamed POSIX semaphores on Cygwin. 2023-01-06 10:33:28 +13:00
test Apply band-aid fix for an oversight in reparameterize_path_by_child. 2024-02-01 12:34:21 -05:00
timezone Update time zone data files to tzdata release 2024a. 2024-02-01 15:57:53 -05:00
tools Fix various issues with ALTER TEXT SEARCH CONFIGURATION 2024-01-31 13:16:43 +09:00
tutorial Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
DEVELOPERS Replace a couple of references to files that no longer exist in the source 2009-05-04 08:08:47 +00:00
Makefile Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
Makefile.global.in Suppress macOS warnings about duplicate libraries in link commands. 2023-09-29 14:07:30 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
meson.build Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
nls-global.mk Fix for make unportability 2022-07-13 09:15:01 +02:00