Prevent PL/Tcl from executing untrustworthy code from pltcl_modules (Tom)
PL/Tcl's feature for autoloading Tcl code from a database table could be exploited for trojan-horse attacks, because there was no restriction on who could create or insert into that table. This change disables the feature unless pltcl_modules is owned by a superuser. (However, the permissions on the table are not checked, so installations that really need a less-than-secure modules table can still grant suitable privileges to trusted non-superusers.) Also, prevent loading code into the unrestricted "normal" Tcl interpreter unless we are really going to execute a pltclu function. (CVE-2010-1170)
Fix data corruption during WAL replay of ALTER ... SET TABLESPACE (Tom)
When archive_mode is on, ALTER ... SET TABLESPACE generates a WAL record whose replay logic was incorrect. It could write the data to the wrong place, leading to possibly-unrecoverable data corruption. Data corruption would be observed on standby slaves, and could occur on the master as well if a database crash and recovery occurred after committing the ALTER and before the next checkpoint.
Fix possible crash if a cache reset message is received during rebuild of a relcache entry (Heikki)
This error was introduced in 8.4.3 while fixing a related failure.
Apply per-function GUC settings while running the language validator for the function (Itagaki Takahiro)
This avoids failures if the function's code is invalid without the setting; an example is that SQL functions may not parse if the search_path is not correct. more
You can perform database structure modeling, generation and modification.
Comments (3)