aboutsummaryrefslogtreecommitdiff
path: root/src/backend/parser/parse_utilcmd.c
diff options
context:
space:
mode:
authorTom Lane <tgl@sss.pgh.pa.us>2017-11-09 12:56:07 -0500
committerTom Lane <tgl@sss.pgh.pa.us>2017-11-09 12:56:07 -0500
commitae20b23a9e7029f31ee902da08a464d968319f56 (patch)
tree7e4d38dbef7026c7521d0157b9e8ec616d7488b8 /src/backend/parser/parse_utilcmd.c
parent5ecc0d738e5864848bbc2d1d97e56d5846624ba2 (diff)
downloadpostgresql-ae20b23a9e7029f31ee902da08a464d968319f56.tar.gz
postgresql-ae20b23a9e7029f31ee902da08a464d968319f56.zip
Refactor permissions checks for large objects.
Up to now, ACL checks for large objects happened at the level of the SQL-callable functions, which led to CVE-2017-7548 because of a missing check. Push them down to be enforced in inv_api.c as much as possible, in hopes of preventing future bugs. This does have the effect of moving read and write permission errors to happen at lo_open time not loread or lowrite time, but that seems acceptable. Michael Paquier and Tom Lane Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
Diffstat (limited to 'src/backend/parser/parse_utilcmd.c')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 22:55:36 +0000