Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite79350f

Browse files
committed
Remove explicit superuser checks in favor of ACLs
This removes the explicit superuser checks in the various file-accessfunctions in the backend, specifically pg_ls_dir(), pg_read_file(),pg_read_binary_file(), and pg_stat_file(). Instead, EXECUTE is REVOKE'dfrom public for these, meaning that only a superuser is able to run themby default, but access to them can be GRANT'd to other roles.Reviewed-By: Michael PaquierDiscussion:https://postgr.es/m/20171231191939.GR2416%40tamriel.snowman.net
1 parent94c1f9b commite79350f

File tree

2 files changed

+14
-20
lines changed

2 files changed

+14
-20
lines changed

‎src/backend/catalog/system_views.sql

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1156,6 +1156,20 @@ REVOKE EXECUTE ON FUNCTION lo_export(oid, text) FROM public;
11561156
REVOKE EXECUTEON FUNCTION pg_ls_logdir()FROM public;
11571157
REVOKE EXECUTEON FUNCTION pg_ls_waldir()FROM public;
11581158

1159+
REVOKE EXECUTEON FUNCTION pg_read_file(text)FROM public;
1160+
REVOKE EXECUTEON FUNCTION pg_read_file(text,bigint,bigint)FROM public;
1161+
REVOKE EXECUTEON FUNCTION pg_read_file(text,bigint,bigint,boolean)FROM public;
1162+
1163+
REVOKE EXECUTEON FUNCTION pg_read_binary_file(text)FROM public;
1164+
REVOKE EXECUTEON FUNCTION pg_read_binary_file(text,bigint,bigint)FROM public;
1165+
REVOKE EXECUTEON FUNCTION pg_read_binary_file(text,bigint,bigint,boolean)FROM public;
1166+
1167+
REVOKE EXECUTEON FUNCTION pg_stat_file(text)FROM public;
1168+
REVOKE EXECUTEON FUNCTION pg_stat_file(text,boolean)FROM public;
1169+
1170+
REVOKE EXECUTEON FUNCTION pg_ls_dir(text)FROM public;
1171+
REVOKE EXECUTEON FUNCTION pg_ls_dir(text,boolean,boolean)FROM public;
1172+
11591173
--
11601174
-- We also set up some things as accessible to standard roles.
11611175
--

‎src/backend/utils/adt/genfile.c

Lines changed: 0 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -195,11 +195,6 @@ pg_read_file(PG_FUNCTION_ARGS)
195195
char*filename;
196196
text*result;
197197

198-
if (!superuser())
199-
ereport(ERROR,
200-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
201-
(errmsg("must be superuser to read files"))));
202-
203198
/* handle optional arguments */
204199
if (PG_NARGS() >=3)
205200
{
@@ -236,11 +231,6 @@ pg_read_binary_file(PG_FUNCTION_ARGS)
236231
char*filename;
237232
bytea*result;
238233

239-
if (!superuser())
240-
ereport(ERROR,
241-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
242-
(errmsg("must be superuser to read files"))));
243-
244234
/* handle optional arguments */
245235
if (PG_NARGS() >=3)
246236
{
@@ -313,11 +303,6 @@ pg_stat_file(PG_FUNCTION_ARGS)
313303
TupleDesctupdesc;
314304
boolmissing_ok= false;
315305

316-
if (!superuser())
317-
ereport(ERROR,
318-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
319-
(errmsg("must be superuser to get file information"))));
320-
321306
/* check the optional argument */
322307
if (PG_NARGS()==2)
323308
missing_ok=PG_GETARG_BOOL(1);
@@ -399,11 +384,6 @@ pg_ls_dir(PG_FUNCTION_ARGS)
399384
directory_fctx*fctx;
400385
MemoryContextoldcontext;
401386

402-
if (!superuser())
403-
ereport(ERROR,
404-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
405-
(errmsg("must be superuser to get directory listings"))));
406-
407387
if (SRF_IS_FIRSTCALL())
408388
{
409389
boolmissing_ok= false;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp