Skip to content

Commit 0089dd3

Browse files
nmischnmisch
committed
Force certain "pljava" custom GUCs to be PGC_SUSET.
Future PL/Java versions will close CVE-2016-0766 by making these GUCs PGC_SUSET. This PostgreSQL change independently mitigates that PL/Java vulnerability, helping sites that update PostgreSQL more frequently than PL/Java. Back-patch to 9.1 (all supported versions).
1 parent 37e6946 commit 0089dd3

File tree

1 file changed

+11
-0
lines changed
  • src/backend/utils/misc

1 file changed

+11
-0
lines changed

src/backend/utils/misc/guc.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7224,6 +7224,17 @@ init_custom_variable(const char *name,
72247224
!process_shared_preload_libraries_in_progress)
72257225
elog(FATAL, "cannot create PGC_POSTMASTER variables after startup");
72267226

7227+
/*
7228+
* Before pljava commit 398f3b876ed402bdaec8bc804f29e2be95c75139
7229+
* (2015-12-15), two of that module's PGC_USERSET variables facilitated
7230+
* trivial escalation to superuser privileges. Restrict the variables to
7231+
* protect sites that have yet to upgrade pljava.
7232+
*/
7233+
if (context == PGC_USERSET &&
7234+
(strcmp(name, "pljava.classpath") == 0 ||
7235+
strcmp(name, "pljava.vmoptions") == 0))
7236+
context = PGC_SUSET;
7237+
72277238
gen = (struct config_generic *) guc_malloc(ERROR, sz);
72287239
memset(gen, 0, sz);
72297240

0 commit comments

Comments
 (0)