Skip to content

Commit 34e9173

Browse files
nmischnmisch
committed
Force certain "pljava" custom GUCs to be PGC_SUSET.
Future PL/Java versions will close CVE-2016-0766 by making these GUCs PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java vulnerability, helping sites that update PostgreSQL more frequently than PL/Java. Back-patch to 9.1 (all supported versions).
1 parent 9a3475b commit 34e9173

File tree

1 file changed

+11
-0
lines changed
  • src/backend/utils/misc

1 file changed

+11
-0
lines changed

src/backend/utils/misc/guc.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6461,6 +6461,17 @@ init_custom_variable(const char *name,
64616461
!process_shared_preload_libraries_in_progress)
64626462
elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
64636463

6464+
/*
6465+
* Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
6466+
* (2015-12-15), two of that module's PGC_USERSET variables facilitated
6467+
* trivial escalation to superuser privileges. Restrict the variables to
6468+
* protect sites that have yet to upgrade pljava.
6469+
*/
6470+
if (context == PGC_USERSET &&
6471+
(strcmp(name, "pljava.classpath") == 0 ||
6472+
strcmp(name, "pljava.vmoptions") == 0))
6473+
context = PGC_SUSET;
6474+
64646475
gen = (struct config_generic *) guc_malloc(ERROR, sz);
64656476
memset(gen, 0, sz);
64666477

0 commit comments

Comments
 (0)