NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.7k

Commited6deeb

committed

Force certain "pljava" custom GUCs to be PGC_SUSET.

Future PL/Java versions will closeCVE-2016-0766 by making these GUCsPGC_SUSET. This PostgreSQL change independently mitigates that PL/Javavulnerability, helping sites that update PostgreSQL more frequently thanPL/Java. Back-patch to 9.1 (all supported versions).

1 parent31b792f commited6deebCopy full SHA for ed6deeb

File tree

1 file changed

+11

-0

lines changed

src/backend/utils/misc
- guc.c

1 file changed

+11

-0

lines changed

`‎src/backend/utils/misc/guc.c`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -7076,6 +7076,17 @@ init_custom_variable(const char *name,`
`7076`	`7076`	`!process_shared_preload_libraries_in_progress)`
`7077`	`7077`	`elog(FATAL,"cannot create PGC_POSTMASTER variables after startup");`
`7078`	`7078`
	`7079`	`+/*`
	`7080`	`+ * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139`
	`7081`	`+ * (2015-12-15), two of that module's PGC_USERSET variables facilitated`
	`7082`	`+ * trivial escalation to superuser privileges. Restrict the variables to`
	`7083`	`+ * protect sites that have yet to upgrade pljava.`
	`7084`	`+ */`
	`7085`	`+if (context==PGC_USERSET&&`
	`7086`	`+(strcmp(name,"pljava.classpath")==0\|\|`
	`7087`	`+strcmp(name,"pljava.vmoptions")==0))`
	`7088`	`+context=PGC_SUSET;`
	`7089`	`+`
`7079`	`7090`	`gen= (structconfig_generic*)guc_malloc(ERROR,sz);`
`7080`	`7091`	`memset(gen,0,sz);`
`7081`	`7092`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commited6deeb

File tree

1 file changed

1 file changed

`‎src/backend/utils/misc/guc.c`

0 commit comments