- 10 12月, 2009 1 次提交
-
-
由 Tom Lane 提交于
an allegedly immutable index function. It was previously recognized that we had to prevent such a function from executing SET/RESET ROLE/SESSION AUTHORIZATION, or it could trivially obtain the privileges of the session user. However, since there is in general no privilege checking for changes of session-local state, it is also possible for such a function to change settings in a way that might subvert later operations in the same session. Examples include changing search_path to cause an unexpected function to be called, or replacing an existing prepared statement with another one that will execute a function of the attacker's choosing. The present patch secures VACUUM, ANALYZE, and CREATE INDEX/REINDEX against these threats, which are the same places previously deemed to need protection against the SET ROLE issue. GUC changes are still allowed, since there are many useful cases for that, but we prevent security problems by forcing a rollback of any GUC change after completing the operation. Other cases are handled by throwing an error if any change is attempted; these include temp table creation, closing a cursor, and creating or deleting a prepared statement. (In 7.4, the infrastructure to roll back GUC changes doesn't exist, so we settle for rejecting changes of "search_path" in these contexts.) Original report and patch by Gurjeet Singh, additional analysis by Tom Lane. Security: CVE-2009-4136
-
- 04 9月, 2009 1 次提交
-
-
由 Tom Lane 提交于
functions. This extends the previous patch that forbade SETting these variables inside security-definer functions. RESET is equally a security hole, since it would allow regaining privileges of the caller; furthermore it can trigger Assert failures and perhaps other internal errors, since the code is not expecting these variables to change in such contexts. The previous patch did not cover this case because assign hooks don't really have enough information, so move the responsibility for preventing this into guc.c. Problem discovered by Heikki Linnakangas. Security: no CVE assigned yet, extends CVE-2007-6600
-
- 02 1月, 2008 1 次提交
-
-
由 Bruce Momjian 提交于
-
- 16 11月, 2007 2 次提交
-
-
由 Bruce Momjian 提交于
avoid this problem in the future.)
-
由 Bruce Momjian 提交于
-
- 11 9月, 2007 1 次提交
-
-
由 Tom Lane 提交于
transaction, unless rolled back or overridden by a SET clause for the same variable attached to a surrounding function call. Per discussion, these seem the best semantics. Note that this is an INCOMPATIBLE CHANGE: in 8.0 through 8.2, SET LOCAL's effects disappeared at subtransaction commit (leading to behavior that made little sense at the SQL level). I took advantage of the opportunity to rewrite and simplify the GUC variable save/restore logic a little bit. The old idea of a "tentative" value is gone; it was a hangover from before we had a stack. Also, we no longer need a stack entry for every nesting level, but only for those in which a variable's value actually changed.
-
- 10 9月, 2007 1 次提交
-
-
由 Tom Lane 提交于
and in passing, fix some bogosities dating from the custom_variable_classes patch. Fix guc-file.l to correctly check changes in custom_variable_classes that are attempted concurrently with additions/removals of custom variables, and don't allow the new setting to be applied in advance of checking it. Clean up messy and undocumented situation for string variables with NULL boot_val. Fix DefineCustomVariable functions to initialize boot_val correctly. Prevent find_option from inserting bogus placeholders for custom variables that are simply inquired about rather than being set.
-
- 22 4月, 2007 1 次提交
-
-
由 Peter Eisentraut 提交于
are removed from the configuration file. Joachim Wieland
-
- 13 3月, 2007 2 次提交
-
-
由 Peter Eisentraut 提交于
Make configuration parameters fall back to their default values when they are removed from the configuration file. Joachim Wieland
-
由 Peter Eisentraut 提交于
are removed from the configuration file. Joachim Wieland
-
- 06 1月, 2007 1 次提交
-
-
由 Bruce Momjian 提交于
back-stamped for this.
-
- 04 10月, 2006 1 次提交
-
-
由 Bruce Momjian 提交于
postgresql.conf. - shared_buffers = 32000kB => 32MB - temp_buffers = 8000kB => 8MB - wal_buffers = 8 => 64kB The code of initdb was a bit modified to write MB-unit values. Values greater than 8000kB are rounded out to MB. GUC_UNIT_XBLOCKS is added for wal_buffers. It is like GUC_UNIT_BLOCKS, but uses XLOG_BLCKSZ instead of BLCKSZ. Also, I cleaned up the test of GUC_UNIT_* flags in preparation to add more unit flags in less bits. ITAGAKI Takahiro
-
- 14 8月, 2006 1 次提交
-
-
由 Bruce Momjian 提交于
values, due to concern about the patch.
-
- 13 8月, 2006 1 次提交
-
-
由 Bruce Momjian 提交于
default values.
-
- 12 8月, 2006 2 次提交
-
-
由 Bruce Momjian 提交于
default values. Was causing regression failures.
-
由 Bruce Momjian 提交于
defaults. Zdenek Kotala
-
- 27 7月, 2006 1 次提交
-
-
由 Peter Eisentraut 提交于
-
- 14 7月, 2006 1 次提交
-
-
由 Bruce Momjian 提交于
Strip unused include files out unused include files, and add needed includes to C files. The next step is to remove unused include files in C files.
-
- 05 3月, 2006 1 次提交
-
-
由 Bruce Momjian 提交于
-
- 13 2月, 2006 1 次提交
-
-
由 Tom Lane 提交于
id (CVE-2006-0553). Also fix related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, the Assert-crash risk exists in all releases back to 7.3. Thanks to Akio Ishida for reporting this problem.
-
- 14 7月, 2005 1 次提交
-
-
由 Tom Lane 提交于
few loose ends to be dealt with, but it seems to work. Alvaro Herrera, based on the contrib code by Matthew O'Connor.
-
- 01 1月, 2005 1 次提交
-
-
由 PostgreSQL Daemon 提交于
Tag appropriate files for rc3 Also performed an initial run through of upgrading our Copyright date to extend to 2005 ... first run here was very simple ... change everything where: grep 1996-2004 && the word 'Copyright' ... scanned through the generated list with 'less' first, and after, to make sure that I only picked up the right entries ...
-
- 23 10月, 2004 1 次提交
-
-
由 Tom Lane 提交于
examinable by non-superusers, and use it to protect the recently-added GUC variables for data directory and config files. For now I have only flagged those variables that could be used to deduce something about the server's filesystem layout, but possibly we should also mark vars related to logging settings and other admin-only information?
-
- 08 10月, 2004 1 次提交
-
-
由 Tom Lane 提交于
Refactor code into something reasonably understandable, cause use of the feature to not fail in standalone backends or in EXEC_BACKEND case, fix sloppy guc.c table entries, make the documentation minimally usable.
-
- 29 8月, 2004 2 次提交
-
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
- 22 7月, 2004 2 次提交
-
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
(fairly closely, I hope) to the current PL/Perl implementation. David Fetter
-
- 01 7月, 2004 1 次提交
-
-
由 Tom Lane 提交于
performance front, but with feature freeze upon us I think it's time to drive a stake in the ground and say that this will be in 7.5. Alvaro Herrera, with some help from Tom Lane.
-
- 26 5月, 2004 1 次提交
-
-
由 Bruce Momjian 提交于
extend the GUC variable set". Plugin modules like the pl<lang> modules needs a way to declare configuration parameters. The postmaster has no knowledge of such modules when it reads the postgresql.conf file. Rather than allowing totally unknown configuration parameters, the concept of a variable "class" is introduced. Variables that belongs to a declared classes will create a placeholder value of string type and will not generate an error. When a module is loaded, it will declare variables for such a class and make those variables "consume" any placeholders that has been defined. Finally, the module will generate warnings for unrecognized placeholders defined for its class. More detail: The design is outlined after the suggestions made by Tom Lane and Joe Conway in this thread: http://archives.postgresql.org/pgsql-hackers/2004-02/msg00229.php A new string variable 'custom_variable_classes' is introduced. This variable is a comma separated string of identifiers. Each identifier denots a 'class' that will allow its members to be added without error. This variable must be defined in postmaster.conf. The lexer (guc_file.l) is changed so that it can accept a qualified name in the form <ID>.<ID> as the name of a variable. I also changed so that the 'custom_variable_classes', if found, is added first of all variables in order to remove the order of declaration issue. The guc_variables table is made more dynamic. It is originally created with 20% slack and can grow dynamically. A capacity is introduced to avoid resizing every time a new variable is added. guc_variables and num_guc_variables becomes static (hidden). The GucInfoMain now uses the new function get_guc_variables() and GetNumConfigOptions instead or using the guc_variables directly. The find_option() function, when passed a missing name, will check if the name is qualified. If the name is qualified and if the qualifier denotes a class included in the 'custom_variable_classes', a placeholder variable will be created. Such a placeholder will not participate in a list operation but will otherwise function as a normal string variable. Define<type>GucVariable() functions will be added, one for each variable type. They are inteded to be used by add-on modules like the pl<lang> mappings. Example: extern void DefineCustomBoolVariable( const char* name, const char* short_desc, const char* long_desc, bool* valueAddr, GucContext context, GucBoolAssignHook assign_hook, GucShowHook show_hook); (I created typedefs for the assign-hook and show-hook functions). A call to these functions will define a new GUC-variable. If a placeholder exists it will be replaced but it's value will be used in place of the default value. The valueAddr is assumed ot point at a default value when the define function is called. The only constraint that is imposed on a Custom variable is that its name is qualified. Finally, a function: void EmittWarningsOnPlacholders(const char* className) was added. This function should be called when a module has completed its variable definitions. At that time, no placeholders should remain for the class that the module uses. If they do, elog(INFO, ...) messages will be issued to inform the user that unrecognized variables are present. Thomas Hallgren
-
- 05 4月, 2004 1 次提交
-
-
由 Bruce Momjian 提交于
variable to control logoutput location on Unix and Win32. Magnus Hagander
-
- 20 1月, 2004 1 次提交
-
-
由 Tom Lane 提交于
should not be too eager to reject paths involving unknown schemas, since it can't really tell whether the schemas exist in the target database. (Also, when reading pg_dumpall output, it could be that the schemas don't exist yet, but eventually will.) ALTER USER SET has a similar issue. So, reduce the normal ERROR to a NOTICE when checking search_path values for these commands. Supporting this requires changing the API for GUC assign_hook functions, which causes the patch to touch a lot of places, but the changes are conceptually trivial.
-
- 04 12月, 2003 1 次提交
-
-
由 Joe Conway 提交于
to certain compile-time options (FUNC_MAX_ARGS, INDEX_MAX_KEYS, NAMEDATALEN, BLCKSZ, HAVE_INT64_TIMESTAMP). Also added "category", "short_desc", and "extra_desc" to the pg_settings view. Per recent discussion here: http://archives.postgresql.org/pgsql-patches/2003-11/msg00363.php
-
- 30 11月, 2003 1 次提交
-
-
由 PostgreSQL Daemon 提交于
make sure the $Id tags are converted to $PostgreSQL as well ...
-
- 04 8月, 2003 2 次提交
-
-
由 Bruce Momjian 提交于
-
由 Bruce Momjian 提交于
-
- 29 7月, 2003 2 次提交
-
-
由 Tom Lane 提交于
these things were added at different times by different people ;-). Includes Aizaz Ahmed's patch to remove duplicate array in help_config.c.
-
由 Bruce Momjian 提交于
materialized. New items have been added to GucContext and GucSource enums, but of course they were not added to the corresponding GucContextName[] and GucSourceName[] arrays in the patch. Here's a new patch to fix the resulting bugs. Joe Conway
-
- 27 7月, 2003 1 次提交
-
-
由 Bruce Momjian 提交于
>>ISTM that "source" is worth knowing. > > Hm, possibly. Any other opinions? This version has the seven fields I proposed, including "source". Here's an example that shows why I think it's valuable: regression=# \x Expanded display is on. regression=# select * from pg_settings where name = 'enable_seqscan'; -[ RECORD 1 ]----------- name | enable_seqscan setting | on context | user vartype | bool source | default min_val | max_val | regression=# update pg_settings set setting = 'off' where name = 'enable_seqscan'; -[ RECORD 1 ]--- set_config | off regression=# select * from pg_settings where name = 'enable_seqscan'; -[ RECORD 1 ]----------- name | enable_seqscan setting | off context | user vartype | bool source | session min_val | max_val | regression=# alter user postgres set enable_seqscan to 'off'; ALTER USER (log out and then back in again) regression=# \x Expanded display is on. regression=# select * from pg_settings where name = 'enable_seqscan'; -[ RECORD 1 ]----------- name | enable_seqscan setting | off context | user vartype | bool source | user min_val | max_val | In the first case, enable_seqscan is set to its default value. After setting it to off, it is obvious that the value has been changed for the session only. In the third case, you can see that the value has been set specifically for the user. Joe Conway
-
- 05 7月, 2003 1 次提交
-
-
由 Tom Lane 提交于
without needing a running backend. Reorder postgresql.conf.sample to match new layout of runtime.sgml. This commit re-adds work lost in Wednesday's crash.
-