database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00
Code Activity

Restrict pgstattuple functions to superusers. While the only one that's

Browse Source 
really a glaring security hole is bt_page_items, there's not a very good
use-case for letting ordinary users use 'em, either.
This commit is contained in:
Tom Lane
2007-08-28 23:11:12 +00:00
parent 10f4362255
commit acb6631041
2 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
contrib/pgstattuple/pgstattuple.c
View File

@ -1,5 +1,5 @@
/*
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25 2006/10/04 00:29:46 momjian Exp $
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25.2.1 2007/08/28 23:11:12 tgl Exp $
*
* Copyright (c) 2001,2002 Tatsuo Ishii
*
@ -32,6 +32,7 @@
#include "access/nbtree.h"
#include "access/transam.h"
#include "catalog/namespace.h"
#include "miscadmin.h"
#include "utils/builtins.h"
@ -163,6 +164,11 @@ pgstattuple(PG_FUNCTION_ARGS)
RangeVar *relrv;
Relation rel;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
/* open relation */
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
rel = relation_openrv(relrv, AccessShareLock);
@ -176,6 +182,11 @@ pgstattuplebyid(PG_FUNCTION_ARGS)
Oid relid = PG_GETARG_OID(0);
Relation rel;
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to use pgstattuple functions"))));
/* open relation */
rel = relation_open(relid, AccessShareLock);