Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

Mandriva: Updated postgresql packages fix denial of service

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) Mandriva: Updated postgresql packages fix denial of service
# 1  
Old 01-09-2008
Mandriva: Updated postgresql packages fix denial of service
LinuxSecurity.com: Index Functions Privilege Escalation (CVE-2007-6600): as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: (1) index functions were executed as the superuser and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION were

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

pg_wrapper

PG_WRAPPER(1)						 Debian PostgreSQL infrastructure					     PG_WRAPPER(1)

NAME

       pg_wrapper - wrapper for PostgreSQL client commands

SYNOPSIS

       client-program [--cluster version/cluster] [...]

       (client-program: psql, createdb, dropuser, and all other client programs installed in /usr/lib/postgresql/version/bin).

DESCRIPTION

       This program is run only as a link to names which correspond to PostgreSQL programs in /usr/lib/postgresql/version/bin. It determines the
       configured cluster and database for the user and calls the appropriate version of the desired program to connect to that cluster and
       database, supplying any specified options to that command.

       The target cluster is selected by the following means, in descending order of precedence:

       1.  explicit specification with the --host option

       2.  explicit specification with the --cluster option

       3.  if the PGHOST environment variable is set, no further cluster selection is performed. The default PostgreSQL version and port number
	   (from the command line, the environment variable PGPORT, or default 5432) will be used.

       4.  explicit specification with the PGCLUSTER environment variable

       5.  matching entry in ~/.postgresqlrc (see postgresqlrc(5)), if that file exists

       6.  matching entry in /etc/postgresql-common/user_clusters (see user_clusters(5)), if that file exists

       7.  If only one local cluster exists, that one will be selected.

       8.  If several local clusters exist, the one listening on the default port 5432 will be selected.

       If none of these rules match, pg_wrapper aborts with an error.

OPTIONS

       --cluster version/cluster
	   cluster is either the name of a local cluster, or takes the form host:port for a remote cluster. If port is left empty (i. e. you just
	   specify host:), it defaults to 5432.

ENVIRONMENT

       PGCLUSTER
	   If $PGCLUSTER is set, its value (of the form version/cluster) specifies the desired cluster, similar to the --cluster option. However,
	   if --cluster is specified, it overrides the value of $PGCLUSTER.

       PG_CLUSTER_CONF_ROOT
	   This specifies an alternative base directory for cluster configurations. This is usually /etc/postgresql/, but for testing/development
	   purposes you can change this to point to e. g. your home directory, so that you can use the postgresql-common tools without root
	   privileges.

FILES

       /etc/postgresql-common/user_clusters
	   stores the default cluster and database for users and groups as set by the administrators.

       $HOME/.postgresqlrc
	   stores defaults set by the user himself.

SEE ALSO

       user_clusters(5), postgresqlrc(5)

AUTHOR

       Martin Pitt <mpitt@debian.org>

Debian								    2013-01-04							     PG_WRAPPER(1)