Restrict accesses to non-system views and foreign tables during pg_dump. When pg_dump retrieves the list of database objects and performs the data dump, there was possibility that objects are replaced with others of the same name, such as views, and access them. This vulnerability could result in code execution with superuser privileges during the pg_dump process.
This issue can arise when dumping data of sequences, foreign tables (only 13 or later), or tables registered with a WHERE clause in the extension configuration table. To address this, pg_dump now utilizes the newly introduced restrict_nonsystem_relation_kind GUC parameter to restrict the accesses to non-system views and foreign tables during the dump process. This new GUC parameter is added to back branches too, but these changes do not require cluster recreation. Back-patch to all supported branches. Reviewed-by: Noah Misch Security: CVE-2024-7348 Backpatch-through: 12 Branch ------ REL_12_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/79c7a7e29695a32fef2e65682be224b8d61ec972 Modified Files -------------- contrib/postgres_fdw/expected/postgres_fdw.out | 9 ++++ contrib/postgres_fdw/sql/postgres_fdw.sql | 7 +++ doc/src/sgml/config.sgml | 17 +++++++ src/backend/foreign/foreign.c | 10 ++++ src/backend/optimizer/plan/createplan.c | 13 ++++++ src/backend/optimizer/util/plancat.c | 12 +++++ src/backend/rewrite/rewriteHandler.c | 17 +++++++ src/backend/tcop/postgres.c | 63 ++++++++++++++++++++++++++ src/backend/utils/misc/guc.c | 12 +++++ src/bin/pg_dump/pg_dump.c | 47 +++++++++++++++++++ src/include/tcop/tcopprot.h | 9 ++++ src/test/regress/expected/create_view.out | 19 +++++++- src/test/regress/sql/create_view.sql | 8 ++++ 13 files changed, 242 insertions(+), 1 deletion(-)