From ae20b23a9e7029f31ee902da08a464d968319f56 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Thu, 9 Nov 2017 12:56:07 -0500 Subject: Refactor permissions checks for large objects. Up to now, ACL checks for large objects happened at the level of the SQL-callable functions, which led to CVE-2017-7548 because of a missing check. Push them down to be enforced in inv_api.c as much as possible, in hopes of preventing future bugs. This does have the effect of moving read and write permission errors to happen at lo_open time not loread or lowrite time, but that seems acceptable. Michael Paquier and Tom Lane Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com --- src/backend/utils/misc/guc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'src/backend/utils/misc/guc.c') diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index da061023f52..c4c1afa084b 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -43,7 +43,6 @@ #include "commands/trigger.h" #include "funcapi.h" #include "libpq/auth.h" -#include "libpq/be-fsstubs.h" #include "libpq/libpq.h" #include "libpq/pqformat.h" #include "miscadmin.h" @@ -71,6 +70,7 @@ #include "storage/dsm_impl.h" #include "storage/standby.h" #include "storage/fd.h" +#include "storage/large_object.h" #include "storage/pg_shmem.h" #include "storage/proc.h" #include "storage/predicate.h" @@ -4900,7 +4900,7 @@ ResetAllOptions(void) if (conf->assign_hook) conf->assign_hook(conf->reset_val, - conf->reset_extra); + conf->reset_extra); *conf->variable = conf->reset_val; set_extra_field(&conf->gen, &conf->gen.extra, conf->reset_extra); @@ -4912,7 +4912,7 @@ ResetAllOptions(void) if (conf->assign_hook) conf->assign_hook(conf->reset_val, - conf->reset_extra); + conf->reset_extra); *conf->variable = conf->reset_val; set_extra_field(&conf->gen, &conf->gen.extra, conf->reset_extra); @@ -4924,7 +4924,7 @@ ResetAllOptions(void) if (conf->assign_hook) conf->assign_hook(conf->reset_val, - conf->reset_extra); + conf->reset_extra); *conf->variable = conf->reset_val; set_extra_field(&conf->gen, &conf->gen.extra, conf->reset_extra); @@ -4936,7 +4936,7 @@ ResetAllOptions(void) if (conf->assign_hook) conf->assign_hook(conf->reset_val, - conf->reset_extra); + conf->reset_extra); set_string_field(conf, conf->variable, conf->reset_val); set_extra_field(&conf->gen, &conf->gen.extra, conf->reset_extra); @@ -4948,7 +4948,7 @@ ResetAllOptions(void) if (conf->assign_hook) conf->assign_hook(conf->reset_val, - conf->reset_extra); + conf->reset_extra); *conf->variable = conf->reset_val; set_extra_field(&conf->gen, &conf->gen.extra, conf->reset_extra); -- cgit v1.2.3