Refactor permissions checks for large objects.

Up to now, ACL checks for large objects happened at the level of the SQL-callable functions, which led to CVE-2017-7548 because of a missing check. Push them down to be enforced in inv_api.c as much as possible, in hopes of preventing future bugs. This does have the effect of moving read and write permission errors to happen at lo_open time not loread or lowrite time, but that seems acceptable. Michael Paquier and Tom Lane Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
2025-11-04 20:11:56 +03:00 · 2017-11-09 12:56:07 -05:00
parent 5ecc0d738e
commit ae20b23a9e
6 changed files with 118 additions and 112 deletions
--- a/src/include/libpq/be-fsstubs.h
+++ b/src/include/libpq/be-fsstubs.h
@@ -14,11 +14,6 @@
 #ifndef BE_FSSTUBS_H
 #define BE_FSSTUBS_H

-/*
- * compatibility option for access control
- */
-extern bool lo_compat_privileges;
-
 /*
 * These are not fmgr-callable, but are available to C code.
 * Probably these should have had the underscore-free names,