Skip to content

Commit ed6deeb

Browse files
nmischnmisch
committed
Force certain "pljava" custom GUCs to be PGC_SUSET.
Future PL/Java versions will close CVE-2016-0766 by making these GUCs PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java vulnerability, helping sites that update PostgreSQL more frequently than PL/Java. Back-patch to 9.1 (all supported versions).
1 parent 31b792f commit ed6deeb

File tree

1 file changed

+11
-0
lines changed
  • src/backend/utils/misc

1 file changed

+11
-0
lines changed

src/backend/utils/misc/guc.c

+11
Original file line numberDiff line numberDiff line change
@@ -7076,6 +7076,17 @@ init_custom_variable(const char *name,
70767076
!process_shared_preload_libraries_in_progress)
70777077
elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
70787078

7079+
/*
7080+
* Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
7081+
* (2015-12-15), two of that module's PGC_USERSET variables facilitated
7082+
* trivial escalation to superuser privileges. Restrict the variables to
7083+
* protect sites that have yet to upgrade pljava.
7084+
*/
7085+
if (context == PGC_USERSET &&
7086+
(strcmp(name, "pljava.classpath") == 0 ||
7087+
strcmp(name, "pljava.vmoptions") == 0))
7088+
context = PGC_SUSET;
7089+
70797090
gen = (struct config_generic *) guc_malloc(ERROR, sz);
70807091
memset(gen, 0, sz);
70817092

0 commit comments

Comments
 (0)