1. 31 Aug, 2007 8 commits
  2. 30 Aug, 2007 3 commits
  3. 29 Aug, 2007 7 commits
  4. 28 Aug, 2007 12 commits
  5. 27 Aug, 2007 9 commits
    • Magnus Hagander's avatar
      Exclude tsearch2 contrib tests in regression tests, · 69e86a5d
      Magnus Hagander authored
      pending decision on exactly what will happen with
      contrib/tsearch2 now that it's in core.
      69e86a5d
    • Magnus Hagander's avatar
      Install stopword files · 90d9fc0a
      Magnus Hagander authored
      90d9fc0a
    • Magnus Hagander's avatar
      3b1e04c3
    • Tom Lane's avatar
      Fix a couple of misbehaviors rooted in the fact that the default creation · 862861ee
      Tom Lane authored
      namespace isn't necessarily first in the search path (there could be implicit
      schemas ahead of it).  Examples are
      
      test=# set search_path TO s1;
      
      test=# create view pg_timezone_names as select * from pg_timezone_names();
      ERROR:  "pg_timezone_names" is already a view
      
      test=# create table pg_class (f1 int primary key);
      ERROR:  permission denied: "pg_class" is a system catalog
      
      You'd expect these commands to create the requested objects in s1, since
      names beginning with pg_ aren't supposed to be reserved anymore.  What is
      happening is that we create the requested base table and then execute
      additional commands (here, CREATE RULE or CREATE INDEX), and that code is
      passed the same RangeVar that was in the original command.  Since that
      RangeVar has schemaname = NULL, the secondary commands think they should do a
      path search, and that means they find system catalogs that are implicitly in
      front of s1 in the search path.
      
      This is perilously close to being a security hole: if the secondary command
      failed to apply a permission check then it'd be possible for unprivileged
      users to make schema modifications to system catalogs.  But as far as I can
      find, there is no code path in which a check doesn't occur.  Which makes it
      just a weird corner-case bug for people who are silly enough to want to
      name their tables the same as a system catalog.
      
      The relevant code has changed quite a bit since 8.2, which means this patch
      wouldn't work as-is in the back branches.  Since it's a corner case no one
      has reported from the field, I'm not going to bother trying to back-patch.
      862861ee
    • Tom Lane's avatar
      Remove the 'not in' operator (!!=). This was a hangover from Berkeley · 6c96188c
      Tom Lane authored
      days that was obsolete the moment we had IN (SELECT ...) capability.
      It's arguably a security hole since it applied no permissions check to
      the table it searched, and since it was never documented anywhere,
      removing it seems more appropriate than fixing it.
      6c96188c
    • Tom Lane's avatar
      Require SELECT privilege on a table to do dblink_get_pkey(). This is · a41e46b2
      Tom Lane authored
      not all that exciting when the system catalogs are readable by all,
      but some people try to lock them down, and would not like this sort of
      end run ...
      a41e46b2
    • Tom Lane's avatar
      Restrict pg_relation_size to relation owner, pg_database_size to DB owner, · cc26599b
      Tom Lane authored
      and pg_tablespace_size to superusers.  Perhaps we could weaken the first
      case to just require SELECT privilege, but that doesn't work for the
      other cases, so use ownership as the common concept.
      cc26599b
    • Tom Lane's avatar
      Make currtid() functions require SELECT privileges on the target table. · 741e952b
      Tom Lane authored
      While it's not clear that TID linkage info is of any great use to a
      nefarious user, it's certainly unexpected that these functions wouldn't
      insist on read privileges.
      741e952b
    • Tom Lane's avatar
      Restrict pgrowlocks function to superusers. (This might be too strict, · 56f3fb3b
      Tom Lane authored
      but no permissions check at all is certainly no good.)  Clean up usage
      of some deprecated APIs.
      56f3fb3b
  6. 26 Aug, 2007 1 commit