| From f4aa3a18a20d51575562520754aa376b3b08b2d0 Mon Sep 17 00:00:00 2001 |
| From: Noah Misch <noah@leadboat.com> |
| Date: Fri, 5 Feb 2016 20:22:51 -0500 |
| Subject: [PATCH] Force certain "pljava" custom GUCs to be PGC_SUSET. |
| |
| Future PL/Java versions will close CVE-2016-0766 by making these GUCs |
| PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java |
| vulnerability, helping sites that update PostgreSQL more frequently than |
| PL/Java. Back-patch to 9.1 (all supported versions). |
| |
| Upstream-Status: Backport |
| |
| Signed-off-by: Noah Misch <noah@leadboat.com> |
| Index: postgresql-9.4.4/src/backend/utils/misc/guc.c |
| =================================================================== |
| --- postgresql-9.4.4.orig/src/backend/utils/misc/guc.c 2015-06-10 03:29:38.000000000 +0800 |
| +++ postgresql-9.4.4/src/backend/utils/misc/guc.c 2016-03-04 15:58:26.459266951 +0800 |
| @@ -7072,6 +7072,17 @@ |
| !process_shared_preload_libraries_in_progress) |
| elog(FATAL, "cannot create PGC_POSTMASTER variables after startup"); |
| |
| + /* |
| + * Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139 |
| + * (2015-12-15), two of that module's PGC_USERSET variables facilitated |
| + * trivial escalation to superuser privileges. Restrict the variables to |
| + * protect sites that have yet to upgrade pljava. |
| + */ |
| + if (context == PGC_USERSET && |
| + (strcmp(name, "pljava.classpath") == 0 || |
| + strcmp(name, "pljava.vmoptions") == 0)) |
| + context = PGC_SUSET; |
| + |
| gen = (struct config_generic *) guc_malloc(ERROR, sz); |
| memset(gen, 0, sz); |
| |