diff options
author | Noah Misch <noah@leadboat.com> | 2016-02-05 20:22:51 -0500 |
---|---|---|
committer | Noah Misch <noah@leadboat.com> | 2016-02-05 20:23:14 -0500 |
commit | de9766d39d91f0069fc95bfaac0caed8546f8ccc (patch) | |
tree | 9d3bee1936d1d9023f22017723fe5b712cf3c173 | |
parent | 32f17a2e7d16904b94dcbebb06f5001dd092c4dc (diff) | |
download | postgresql-de9766d39d91f0069fc95bfaac0caed8546f8ccc.tar.gz |
Force certain "pljava" custom GUCs to be PGC_SUSET.
Future PL/Java versions will close CVE-2016-0766 by making these GUCs
PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java
vulnerability, helping sites that update PostgreSQL more frequently than
PL/Java. Back-patch to 9.1 (all supported versions).
-rw-r--r-- | src/backend/utils/misc/guc.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 23f0aba4dc..40dc69b380 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -6387,6 +6387,17 @@ init_custom_variable(const char *name, !process_shared_preload_libraries_in_progress) elog(FATAL, "cannot create PGC_POSTMASTER variables after startup"); + /* + * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139 + * (2015-12-15), two of that module's PGC_USERSET variables facilitated + * trivial escalation to superuser privileges. Restrict the variables to + * protect sites that have yet to upgrade pljava. + */ + if (context == PGC_USERSET && + (strcmp(name, "pljava.classpath") == 0 || + strcmp(name, "pljava.vmoptions") == 0)) + context = PGC_SUSET; + gen = (struct config_generic *) guc_malloc(ERROR, sz); memset(gen, 0, sz); |