diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2013-04-01 13:09:24 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2013-04-01 13:09:24 -0400 |
| commit | ce9ab88981495d975aade8fc664f99f68fc18e2b (patch) | |
| tree | 9d484b80504beb9d97036a17767c0a21e4dadaa0 /src/backend/utils/init/postinit.c | |
| parent | 85079078acb4f120335f54f38f93635dd8c8b83d (diff) | |
| download | postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.tar.gz postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.zip | |
Make REPLICATION privilege checks test current user not authenticated user.
The pg_start_backup() and pg_stop_backup() functions checked the privileges
of the initially-authenticated user rather than the current user, which is
wrong. For example, a user-defined index function could successfully call
these functions when executed by ANALYZE within autovacuum. This could
allow an attacker with valid but low-privilege database access to interfere
with creation of routine backups. Reported and fixed by Noah Misch.
Security: CVE-2013-1901
Diffstat (limited to 'src/backend/utils/init/postinit.c')
| -rw-r--r-- | src/backend/utils/init/postinit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 5f8f98b5e03..da3127ea9c9 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -726,7 +726,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, { Assert(!bootstrap); - if (!superuser() && !is_authenticated_user_replication_role()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(FATAL, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or replication role to start walsender"))); |