Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitcc26599

Browse files
committed
Restrict pg_relation_size to relation owner, pg_database_size to DB owner,
and pg_tablespace_size to superusers. Perhaps we could weaken the firstcase to just require SELECT privilege, but that doesn't work for theother cases, so use ownership as the common concept.
1 parent741e952 commitcc26599

File tree

1 file changed

+37
-1
lines changed

1 file changed

+37
-1
lines changed

‎src/backend/utils/adt/dbsize.c

Lines changed: 37 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
* Copyright (c) 2002-2007, PostgreSQL Global Development Group
66
*
77
* IDENTIFICATION
8-
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.12 2007/03/11 05:22:00 alvherre Exp $
8+
* $PostgreSQL: pgsql/src/backend/utils/adt/dbsize.c,v 1.13 2007/08/27 01:19:14 tgl Exp $
99
*
1010
*/
1111

@@ -22,6 +22,7 @@
2222
#include"commands/tablespace.h"
2323
#include"miscadmin.h"
2424
#include"storage/fd.h"
25+
#include"utils/acl.h"
2526
#include"utils/builtins.h"
2627
#include"utils/syscache.h"
2728
#include"utils/relcache.h"
@@ -121,6 +122,10 @@ pg_database_size_oid(PG_FUNCTION_ARGS)
121122
{
122123
OiddbOid=PG_GETARG_OID(0);
123124

125+
if (!pg_database_ownercheck(dbOid,GetUserId()))
126+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_DATABASE,
127+
get_database_name(dbOid));
128+
124129
PG_RETURN_INT64(calculate_database_size(dbOid));
125130
}
126131

@@ -136,6 +141,10 @@ pg_database_size_name(PG_FUNCTION_ARGS)
136141
errmsg("database \"%s\" does not exist",
137142
NameStr(*dbName))));
138143

144+
if (!pg_database_ownercheck(dbOid,GetUserId()))
145+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_DATABASE,
146+
NameStr(*dbName));
147+
139148
PG_RETURN_INT64(calculate_database_size(dbOid));
140149
}
141150

@@ -203,6 +212,11 @@ pg_tablespace_size_oid(PG_FUNCTION_ARGS)
203212
{
204213
OidtblspcOid=PG_GETARG_OID(0);
205214

215+
if (!superuser())
216+
ereport(ERROR,
217+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
218+
(errmsg("must be superuser to use pg_tablespace_size"))));
219+
206220
PG_RETURN_INT64(calculate_tablespace_size(tblspcOid));
207221
}
208222

@@ -212,6 +226,11 @@ pg_tablespace_size_name(PG_FUNCTION_ARGS)
212226
NametblspcName=PG_GETARG_NAME(0);
213227
OidtblspcOid=get_tablespace_oid(NameStr(*tblspcName));
214228

229+
if (!superuser())
230+
ereport(ERROR,
231+
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
232+
(errmsg("must be superuser to use pg_tablespace_size"))));
233+
215234
if (!OidIsValid(tblspcOid))
216235
ereport(ERROR,
217236
(errcode(ERRCODE_UNDEFINED_OBJECT),
@@ -270,6 +289,10 @@ pg_relation_size_oid(PG_FUNCTION_ARGS)
270289

271290
rel=relation_open(relOid,AccessShareLock);
272291

292+
if (!pg_class_ownercheck(RelationGetRelid(rel),GetUserId()))
293+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
294+
RelationGetRelationName(rel));
295+
273296
size=calculate_relation_size(&(rel->rd_node));
274297

275298
relation_close(rel,AccessShareLock);
@@ -288,6 +311,10 @@ pg_relation_size_name(PG_FUNCTION_ARGS)
288311
relrv=makeRangeVarFromNameList(textToQualifiedNameList(relname));
289312
rel=relation_openrv(relrv,AccessShareLock);
290313

314+
if (!pg_class_ownercheck(RelationGetRelid(rel),GetUserId()))
315+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
316+
RelationGetRelationName(rel));
317+
291318
size=calculate_relation_size(&(rel->rd_node));
292319

293320
relation_close(rel,AccessShareLock);
@@ -309,6 +336,11 @@ calculate_total_relation_size(Oid Relid)
309336
ListCell*cell;
310337

311338
heapRel=relation_open(Relid,AccessShareLock);
339+
340+
if (!pg_class_ownercheck(RelationGetRelid(heapRel),GetUserId()))
341+
aclcheck_error(ACLCHECK_NOT_OWNER,ACL_KIND_CLASS,
342+
RelationGetRelationName(heapRel));
343+
312344
toastOid=heapRel->rd_rel->reltoastrelid;
313345

314346
/* Get the heap size */
@@ -348,6 +380,8 @@ pg_total_relation_size_oid(PG_FUNCTION_ARGS)
348380
{
349381
Oidrelid=PG_GETARG_OID(0);
350382

383+
/* permission check is inside calculate_total_relation_size */
384+
351385
PG_RETURN_INT64(calculate_total_relation_size(relid));
352386
}
353387

@@ -361,6 +395,8 @@ pg_total_relation_size_name(PG_FUNCTION_ARGS)
361395
relrv=makeRangeVarFromNameList(textToQualifiedNameList(relname));
362396
relid=RangeVarGetRelid(relrv, false);
363397

398+
/* permission check is inside calculate_total_relation_size */
399+
364400
PG_RETURN_INT64(calculate_total_relation_size(relid));
365401
}
366402

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp