database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-29 10:41:53 +03:00
Code Activity

Make REPLICATION privilege checks test current user not authenticated user.

Browse Source 
The pg_start_backup() and pg_stop_backup() functions checked the privileges
of the initially-authenticated user rather than the current user, which is
wrong.  For example, a user-defined index function could successfully call
these functions when executed by ANALYZE within autovacuum.  This could
allow an attacker with valid but low-privilege database access to interfere
with creation of routine backups.  Reported and fixed by Noah Misch.

Security: CVE-2013-1901
This commit is contained in:
Tom Lane
2013-04-01 13:09:29 -04:00
parent fe6b242709
commit e5fdb8fead
4 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/access/transam/xlog.c
View File

@ -9413,7 +9413,7 @@ do_pg_start_backup(const char *backupidstr, bool fast, char **labelfile)
backup_started_in_recovery = RecoveryInProgress();
if (!superuser() && !is_authenticated_user_replication_role())
if (!superuser() && !has_rolreplication(GetUserId()))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("must be superuser or replication role to run a backup")));
@ -9743,7 +9743,7 @@ do_pg_stop_backup(char *labelfile, bool waitforarchive)
backup_started_in_recovery = RecoveryInProgress();
if (!superuser() && !is_authenticated_user_replication_role())
if (!superuser() && !has_rolreplication(GetUserId()))
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser or replication role to run a backup"))));