diff options
| author | Noah Misch <noah@leadboat.com> | 2020-08-10 09:22:54 -0700 |
|---|---|---|
| committer | Noah Misch <noah@leadboat.com> | 2020-08-10 09:22:58 -0700 |
| commit | 64a71062e0e2fd7eb1eddd3cb4138c554fb29e4c (patch) | |
| tree | d401a0e7c0a5c6e9e41ec8cca18d13e2e094fff3 /src/test | |
| parent | d4d0ec9e79af554410d840d98d4f5b8832d74229 (diff) | |
Empty search_path in logical replication apply worker and walsender.
This is like CVE-2018-1058 commit
582edc369cdbd348d68441fc50fa26a84afd0c1a. Today, a malicious user of a
publisher or subscriber database can invoke arbitrary SQL functions
under an identity running replication, often a superuser. This fix may
cause "does not exist" or "no schema has been selected to create in"
errors in a replication process. After upgrading, consider watching
server logs for these errors. Objects accruing schema qualification in
the wake of the earlier commit are unlikely to need further correction.
Back-patch to v10, which introduced logical replication.
Security: CVE-2020-14349
Diffstat (limited to 'src/test')
| -rw-r--r-- | src/test/subscription/t/001_rep_changes.pl | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/test/subscription/t/001_rep_changes.pl b/src/test/subscription/t/001_rep_changes.pl index 3f8318fc7cc..0680f44a1aa 100644 --- a/src/test/subscription/t/001_rep_changes.pl +++ b/src/test/subscription/t/001_rep_changes.pl @@ -16,6 +16,10 @@ $node_subscriber->init(allows_streaming => 'logical'); $node_subscriber->start; # Create some preexisting content on publisher +$node_publisher->safe_psql( + 'postgres', + "CREATE FUNCTION public.pg_get_replica_identity_index(int) + RETURNS regclass LANGUAGE sql AS 'SELECT 1/0'"); # shall not call $node_publisher->safe_psql('postgres', "CREATE TABLE tab_notrep AS SELECT generate_series(1,10) AS a"); $node_publisher->safe_psql('postgres', |