Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitac1a998

Browse files
committed
Fix priv checks for ALTER <object> DEPENDS ON EXTENSION
Marking an object as dependant on an extension did not have anyprivilege check whatsoever; this allowed any user to mark objects asdroppable by anyone able to DROP EXTENSION, which could be used to causesystem-wide havoc. Disallow by checking that the calling user owns thementioned object.(No constraints are placed on the extension.)Security:CVE-2020-1720Reported-by: Tom LaneDiscussion: 31605.1566429043@sss.pgh.pa.us
1 parent7f97b5e commitac1a998

File tree

1 file changed

+11
-0
lines changed

1 file changed

+11
-0
lines changed

‎src/backend/commands/alter.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -430,6 +430,17 @@ ExecAlterObjectDependsStmt(AlterObjectDependsStmt *stmt, ObjectAddress *refAddre
430430
get_object_address_rv(stmt->objectType,stmt->relation, (List*)stmt->object,
431431
&rel,AccessExclusiveLock, false);
432432

433+
/*
434+
* Verify that the user is entitled to run the command.
435+
*
436+
* We don't check any privileges on the extension, because that's not
437+
* needed. The object owner is stipulating, by running this command, that
438+
* the extension owner can drop the object whenever they feel like it,
439+
* which is not considered a problem.
440+
*/
441+
check_object_ownership(GetUserId(),
442+
stmt->objectType,address,stmt->object,rel);
443+
433444
/*
434445
* If a relation was involved, it would have been opened and locked. We
435446
* don't need the relation here, but we'll retain the lock until commit.

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp