Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
commit: b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree: 536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/backend/utils/init/miscinit.c
parent: 54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c
index f6cd0c06759..25cbf60e657 100644
--- a/src/backend/utils/init/miscinit.c
+++ b/src/backend/utils/init/miscinit.c
@@ -389,15 +389,15 @@ SetUserIdAndContext(Oid userid, bool sec_def_context)
 
 
 /*
- * Check if the authenticated user is a replication role
+ * Check whether specified role has explicit REPLICATION privilege
  */
 bool
-is_authenticated_user_replication_role(void)
+has_rolreplication(Oid roleid)
 {
 	bool		result = false;
 	HeapTuple	utup;
 
-	utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId));
+	utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
 	if (HeapTupleIsValid(utup))
 	{
 		result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication;
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
commit	b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree	536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/backend/utils/init/miscinit.c
parent	54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)