NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commita912a27

committed

Creator of a range type must have permission to call support functions.

Since range types can be created by non-superusers, we need to considertheir permissions. Ideally we'd check this when the type is used, notwhen it's created, but that seems like much more trouble than it's worth.The existing restriction that the support functions be immutable alreadyprevents most cases where an unauthorized call to a function might bethought a security issue, and the fact that the user has no access tothe results of the system's calls to subtype_diff closes off the otherplausible reason for concern. So this check is basically pro-forma,but let's make it anyway.

1 parent74c1723 commita912a27Copy full SHA for a912a27

File tree

1 file changed

+12

-0

lines changed

src/backend/commands
- typecmds.c

1 file changed

+12

-0

lines changed

`‎src/backend/commands/typecmds.c`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1853,6 +1853,7 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)`
`1853`	`1853`	`{`
`1854`	`1854`	`OidargList[1];`
`1855`	`1855`	`OidprocOid;`
	`1856`	`+AclResultaclresult;`
`1856`	`1857`
`1857`	`1858`	`/*`
`1858`	`1859`	`* Range canonical functions must take and return the range type, and must`
`@@ -1880,6 +1881,11 @@ findRangeCanonicalFunction(List *procname, Oid typeOid)`
`1880`	`1881`	`errmsg("range canonical function %s must be immutable",`
`1881`	`1882`	`func_signature_string(procname,1,NIL,argList))));`
`1882`	`1883`
	`1884`	`+/* Also, range type's creator must have permission to call function */`
	`1885`	`+aclresult=pg_proc_aclcheck(procOid,GetUserId(),ACL_EXECUTE);`
	`1886`	`+if (aclresult!=ACLCHECK_OK)`
	`1887`	`+aclcheck_error(aclresult,ACL_KIND_PROC,get_func_name(procOid));`
	`1888`	`+`
`1883`	`1889`	`returnprocOid;`
`1884`	`1890`	`}`
`1885`	`1891`
`@@ -1888,6 +1894,7 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)`
`1888`	`1894`	`{`
`1889`	`1895`	`OidargList[2];`
`1890`	`1896`	`OidprocOid;`
	`1897`	`+AclResultaclresult;`
`1891`	`1898`
`1892`	`1899`	`/*`
`1893`	`1900`	`* Range subtype diff functions must take two arguments of the subtype,`
`@@ -1916,6 +1923,11 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype)`
`1916`	`1923`	`errmsg("range subtype diff function %s must be immutable",`
`1917`	`1924`	`func_signature_string(procname,2,NIL,argList))));`
`1918`	`1925`
	`1926`	`+/* Also, range type's creator must have permission to call function */`
	`1927`	`+aclresult=pg_proc_aclcheck(procOid,GetUserId(),ACL_EXECUTE);`
	`1928`	`+if (aclresult!=ACLCHECK_OK)`
	`1929`	`+aclcheck_error(aclresult,ACL_KIND_PROC,get_func_name(procOid));`
	`1930`	`+`
`1919`	`1931`	`returnprocOid;`
`1920`	`1932`	`}`
`1921`	`1933`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commita912a27

File tree

1 file changed

1 file changed

`‎src/backend/commands/typecmds.c`

0 commit comments