Fix bug that allowed any logged-in user to SET ROLE to any other database user
Tom Lane <tgl@sss.pgh.pa.us>
Fix bug that allowed any logged-in user to SET ROLE to any other database user id (CVE-2006-0553). Also fix related bug in SET SESSION AUTHORIZATION that allows unprivileged users to crash the server, if it has been compiled with Asserts enabled. The escalation-of-privilege risk exists only in 8.1.0-8.1.2. However, the Assert-crash risk exists in all releases back to 7.3. Thanks to Akio Ishida for reporting this problem.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/commands/variable.c | modified | +4 −2 |
| src/backend/utils/mb/encnames.c | modified | +2 −2 |
| src/backend/utils/misc/guc.c | modified | +14 −6 |
| src/include/utils/guc_tables.h | modified | +2 −1 |