Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitce9ab88

Browse files
committed
Make REPLICATION privilege checks test current user not authenticated user.
The pg_start_backup() and pg_stop_backup() functions checked the privilegesof the initially-authenticated user rather than the current user, which iswrong. For example, a user-defined index function could successfully callthese functions when executed by ANALYZE within autovacuum. This couldallow an attacker with valid but low-privilege database access to interferewith creation of routine backups. Reported and fixed by Noah Misch.Security:CVE-2013-1901
1 parent8507907 commitce9ab88

File tree

4 files changed

+7
-7
lines changed

4 files changed

+7
-7
lines changed

‎src/backend/access/transam/xlog.c‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8367,7 +8367,7 @@ do_pg_start_backup(const char *backupidstr, bool fast, TimeLineID *starttli_p,
83678367

83688368
backup_started_in_recovery=RecoveryInProgress();
83698369

8370-
if (!superuser()&& !is_authenticated_user_replication_role())
8370+
if (!superuser()&& !has_rolreplication(GetUserId()))
83718371
ereport(ERROR,
83728372
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
83738373
errmsg("must be superuser or replication role to run a backup")));
@@ -8705,7 +8705,7 @@ do_pg_stop_backup(char *labelfile, bool waitforarchive, TimeLineID *stoptli_p)
87058705

87068706
backup_started_in_recovery=RecoveryInProgress();
87078707

8708-
if (!superuser()&& !is_authenticated_user_replication_role())
8708+
if (!superuser()&& !has_rolreplication(GetUserId()))
87098709
ereport(ERROR,
87108710
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
87118711
(errmsg("must be superuser or replication role to run a backup"))));

‎src/backend/utils/init/miscinit.c‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -390,15 +390,15 @@ SetUserIdAndContext(Oid userid, bool sec_def_context)
390390

391391

392392
/*
393-
* Checkif the authenticated user is a replication role
393+
* Checkwhether specified role has explicit REPLICATION privilege
394394
*/
395395
bool
396-
is_authenticated_user_replication_role(void)
396+
has_rolreplication(Oidroleid)
397397
{
398398
boolresult= false;
399399
HeapTupleutup;
400400

401-
utup=SearchSysCache1(AUTHOID,ObjectIdGetDatum(AuthenticatedUserId));
401+
utup=SearchSysCache1(AUTHOID,ObjectIdGetDatum(roleid));
402402
if (HeapTupleIsValid(utup))
403403
{
404404
result= ((Form_pg_authid)GETSTRUCT(utup))->rolreplication;

‎src/backend/utils/init/postinit.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -726,7 +726,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,
726726
{
727727
Assert(!bootstrap);
728728

729-
if (!superuser()&& !is_authenticated_user_replication_role())
729+
if (!superuser()&& !has_rolreplication(GetUserId()))
730730
ereport(FATAL,
731731
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
732732
errmsg("must be superuser or replication role to start walsender")));

‎src/include/miscadmin.h‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -439,7 +439,7 @@ extern void ValidatePgVersion(const char *path);
439439
externvoidprocess_shared_preload_libraries(void);
440440
externvoidprocess_local_preload_libraries(void);
441441
externvoidpg_bindtextdomain(constchar*domain);
442-
externboolis_authenticated_user_replication_role(void);
442+
externboolhas_rolreplication(Oidroleid);
443443

444444
/* in access/transam/xlog.c */
445445
externboolBackupInProgress(void);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp