* Enforce restrictions in plperl using an opmask applied to the whole interpreter, instead of using Safe.pm (Tim Bunce, Andrew Dunstan)

  Recent developments have convinced us that Safe.pm is too insecure to rely on for making plperl trustable. This change removes use of Safe.pm altogether, in favor of using a separate interpreter with an opcode mask that is always applied. Pleasant side effects of the change include that it is now possible to use Perl's strict pragma in a natural way in plperl, and that Perl's $a and $b variables work as expected in sort routines, and that function compilation is significantly faster.

* Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom)

  PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted "normal" Tcl interpreter unless we are really going to execute a pltclu function.

* Fix data corruption during WAL replay of ALTER.

  SET TABLESPACE generates a WAL record whose replay logic was incorrect. It could write the data to the wrong place, leading to possibly-unrecoverable data corruption. Data corruption would be observed on standby slaves, and could occur on the master as well if a database crash and recovery occurred after committing the ALTER and before the next checkpoint.

* Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki)

  This error was introduced in 8.4.3 while fixing a related failure.

* Apply per-function GUC settings while running the language validator for the function (Itagaki Takahiro)

  This avoids failures if the function's code is invalid without the setting; an example is that SQL functions may not parse if the search_path is not correct.

* Do constraint exclusion for inherited UPDATE and DELETE target tables when constraint_exclusion = partition (Tom)

  Due to an oversight, this setting previously only caused constraint exclusion to be checked in SELECT commands.

* Do not allow an unprivileged user to reset superuser-only parameter settings (Alvaro)

  Previously, if an unprivileged user ran ALTER USER ... RESET ALL for himself, or ALTER DATABASE ... RESET ALL for a database he owns, this would remove all special parameter settings for the user or database, even ones that are only supposed to be changeable by a superuser. Now, the ALTER will only remove the parameters that the user has permission to change.

* Avoid possible crash during backend shutdown if shutdown occurs when a CONTEXT addition would be made to log entries (Tom)
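
An added audit example (not part of the release notes) for the pltcl_modules item above: the first query reports whether each pltcl_modules table is owned by a superuser, and the second lists non-superuser roles that can still write to it, since the table's permissions are not checked. It assumes the standard pg_class, pg_namespace and pg_roles catalogs and the built-in has_table_privilege() function.

```sql
-- Added example: audit pltcl_modules ownership and write access.
-- Run it in every database where PL/Tcl is installed.

-- 1. Ownership. Autoloading is disabled unless the owner is a superuser,
--    so owner_is_superuser = false means the table is ignored by PL/Tcl.
SELECT n.nspname  AS schema_name,
       c.relname  AS table_name,
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles     r ON r.oid = c.relowner
WHERE c.relname = 'pltcl_modules'
  AND c.relkind = 'r'
ORDER BY n.nspname;

-- 2. Write access. Table privileges are not checked by PL/Tcl, so any
--    non-superuser role listed here can change the code that gets autoloaded.
--    Grants to PUBLIC show up as a row for every role.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       r.rolname AS role_name,
       has_table_privilege(r.oid, c.oid, 'INSERT') AS can_insert,
       has_table_privilege(r.oid, c.oid, 'UPDATE') AS can_update,
       has_table_privilege(r.oid, c.oid, 'DELETE') AS can_delete
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relname = 'pltcl_modules'
  AND c.relkind = 'r'
  AND NOT r.rolsuper
  AND (has_table_privilege(r.oid, c.oid, 'INSERT')
    OR has_table_privilege(r.oid, c.oid, 'UPDATE')
    OR has_table_privilege(r.oid, c.oid, 'DELETE'))
ORDER BY n.nspname, r.rolname;
```

An empty result from the second query means only superusers can modify the modules table in that database.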