database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

Restrict pgstattuple functions to superusers. While the only one that's

Browse Source 
really a glaring security hole is bt_page_items, there's not a very good
use-case for letting ordinary users use 'em, either.
This commit is contained in:
Tom Lane
2007-08-28 23:11:12 +00:00
parent 10f4362255
commit acb6631041
2 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
contrib/pgstattuple/pgstatindex.c
View File

@ -32,6 +32,7 @@
#include "access/transam.h"
#include "catalog/namespace.h"
#include "catalog/pg_type.h"
#include "miscadmin.h"
#include "utils/builtins.h"
#include "utils/inval.h"
@ -235,6 +236,11 @@ pgstatindex(PG_FUNCTION_ARGS)
uint32 blkno;
BTIndexStat indexStat;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = relation_openrv(relrv, AccessShareLock);
@ -391,6 +397,11 @@ bt_page_stats(PG_FUNCTION_ARGS)
RangeVar *relrv;
Datum result;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = relation_openrv(relrv, AccessShareLock);
@ -497,6 +508,11 @@ bt_page_items(PG_FUNCTION_ARGS)
MemoryContext mctx;
struct user_args *uargs = NULL;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
if (blkno == 0)
elog(ERROR, "Block 0 is a meta page.");
@ -624,6 +640,11 @@ bt_metap(PG_FUNCTION_ARGS)
RangeVar *relrv;
Datum result;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = relation_openrv(relrv, AccessShareLock);
@ -691,6 +712,11 @@ pg_relpages(PG_FUNCTION_ARGS)
RangeVar *relrv;
int4 relpages;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = relation_openrv(relrv, AccessShareLock);