diff options
| author | Jeff Davis <jdavis@postgresql.org> | 2023-06-09 11:20:47 -0700 |
|---|---|---|
| committer | Jeff Davis <jdavis@postgresql.org> | 2023-06-09 11:20:47 -0700 |
| commit | 05e17373517114167d002494e004fa0aa32d1fd1 (patch) | |
| tree | 2d96a124ad8a75d5d717d930f634c985f48e4166 /src/backend/commands/vacuum.c | |
| parent | 9aee26a491ba9b7ceff40e6192183ab7200b6bfb (diff) | |
| download | postgresql-05e17373517114167d002494e004fa0aa32d1fd1.tar.gz postgresql-05e17373517114167d002494e004fa0aa32d1fd1.zip | |
Fix search_path to a safe value during maintenance operations.
While executing maintenance operations (ANALYZE, CLUSTER, REFRESH
MATERIALIZED VIEW, REINDEX, or VACUUM), set search_path to
'pg_catalog, pg_temp' to prevent inconsistent behavior.
Functions that are used for functional indexes, in index expressions,
or in materialized views and depend on a different search path must be
declared with CREATE FUNCTION ... SET search_path='...'.
This change addresses a security risk introduced in commit 60684dd834,
where a role with MAINTAIN privileges on a table may be able to
escalate privileges to the table owner. That commit is not yet part of
any release, so no need to backpatch.
Discussion: https://postgr.es/m/e44327179e5c9015c8dda67351c04da552066017.camel%40j-davis.com
Reviewed-by: Greg Stark
Reviewed-by: Nathan Bossart
Diffstat (limited to 'src/backend/commands/vacuum.c')
| -rw-r--r-- | src/backend/commands/vacuum.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/backend/commands/vacuum.c b/src/backend/commands/vacuum.c index a843f9ad926..c0826117973 100644 --- a/src/backend/commands/vacuum.c +++ b/src/backend/commands/vacuum.c @@ -2172,6 +2172,8 @@ vacuum_rel(Oid relid, RangeVar *relation, VacuumParams *params, SetUserIdAndSecContext(rel->rd_rel->relowner, save_sec_context | SECURITY_RESTRICTED_OPERATION); save_nestlevel = NewGUCNestLevel(); + SetConfigOption("search_path", GUC_SAFE_SEARCH_PATH, PGC_USERSET, + PGC_S_SESSION); /* * If PROCESS_MAIN is set (the default), it's time to vacuum the main |