Commit4cd4a54

committed

Add configurable option controlling security checks in LO functions.

1 parent1c3c080 commit4cd4a54Copy full SHA for 4cd4a54

File tree

+16

-2

lines changed

+16

-2

lines changed

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`*`
`8`	`8`	`*`
`9`	`9`	`* IDENTIFICATION`
`10`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.34 1999/05/31 22:53:57 tgl Exp $`
	`10`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/be-fsstubs.c,v 1.35 1999/06/04 21:13:38 tgl Exp $`
`11`	`11`	`*`
`12`	`12`	`* NOTES`
`13`	`13`	`* This should be moved to a more appropriate place. It is here`
`@@ -334,10 +334,12 @@ lo_import(text *filename)`
`334`	`334`	`LargeObjectDesc*lobj;`
`335`	`335`	`OidlobjOid;`
`336`	`336`
	`337`	`+#ifndefALLOW_DANGEROUS_LO_FUNCTIONS`
`337`	`338`	`if (!superuser())`
`338`	`339`	`elog(ERROR,"You must have Postgres superuser privilege to use "`
`339`	`340`	`"server-side lo_import().\n\tAnyone can use the "`
`340`	`341`	`"client-side lo_import() provided by libpq.");`
	`342`	`+#endif`
`341`	`343`
`342`	`344`	`/*`
`343`	`345`	`* open the file to be read in`
`@@ -405,10 +407,12 @@ lo_export(Oid lobjId, text *filename)`
`405`	`407`	`LargeObjectDesc*lobj;`
`406`	`408`	`mode_toumask;`
`407`	`409`
	`410`	`+#ifndefALLOW_DANGEROUS_LO_FUNCTIONS`
`408`	`411`	`if (!superuser())`
`409`	`412`	`elog(ERROR,"You must have Postgres superuser privilege to use "`
`410`	`413`	`"server-side lo_export().\n\tAnyone can use the "`
`411`	`414`	`"client-side lo_export() provided by libpq.");`
	`415`	`+#endif`
`412`	`416`
`413`	`417`	`/*`
`414`	`418`	`* open the inversion "object"`

Lines changed: 11 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -342,7 +342,7 @@ extern void srandom(unsigned int seed);`
`342`	`342`	`#undef USE_POSIX_SIGNALS`
`343`	`343`
`344`	`344`	`/*`
`345`		`- *Code below this point should not require changes`
	`345`	`+ *Pull in OS-specific declarations (using link created by configure)`
`346`	`346`	`*/`
`347`	`347`
`348`	`348`	`#include"os.h"`
`@@ -494,6 +494,16 @@ extern void srandom(unsigned int seed);`
`494`	`494`	`*/`
`495`	`495`	`/* #define PSQL_ALWAYS_GET_PASSWORDS */`
`496`	`496`
	`497`	`+/*`
	`498`	`+ * Define this if you want to allow the lo_import and lo_export SQL functions`
	`499`	`+ * to be executed by ordinary users. By default these functions are only`
	`500`	`+ * available to the Postgres superuser. CAUTION: these functions are`
	`501`	`+ * SECURITY HOLES since they can read and write any file that the Postgres`
	`502`	`+ * backend has permission to access. If you turn this on, don't say we`
	`503`	`+ * didn't warn you.`
	`504`	`+ */`
	`505`	`+/* #define ALLOW_DANGEROUS_LO_FUNCTIONS */`
	`506`	`+`
`497`	`507`	`/*`
`498`	`508`	`* Use btree bulkload code:`
`499`	`509`	`* this code is moderately slow (~10% slower) compared to the regular`

Comments

(0)