Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
commit: b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree: 536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/backend/utils/init/postinit.c
parent: 54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index dfe338c2bfe..efb48d92ec2 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -669,7 +669,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,
 		Assert(!bootstrap);
 
 		/* must have authenticated as a replication role */
-		if (!is_authenticated_user_replication_role())
+		if (!has_rolreplication(GetUserId()))
 			ereport(FATAL,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("must be replication role to start walsender")));
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
commit	b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree	536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/backend/utils/init/postinit.c
parent	54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)