Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:29 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:29 -0400
commit: e5fdb8feadd4385671bab0e2c4c57008f3ba8dda (patch)
tree: 26450e1fe5b312ce0a6a9e17e7c2d76ae144915f /src/backend/utils/init/postinit.c
parent: fe6b242709afe807664ac0dc5daf2d37d29c8e6d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index ba0eba55689..3dc5331772e 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -668,7 +668,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username,
 	{
 		Assert(!bootstrap);
 
-		if (!superuser() && !is_authenticated_user_replication_role())
+		if (!superuser() && !has_rolreplication(GetUserId()))
 			ereport(FATAL,
 					(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 					 errmsg("must be superuser or replication role to start walsender")));
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:29 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:29 -0400
commit	e5fdb8feadd4385671bab0e2c4c57008f3ba8dda (patch)
tree	26450e1fe5b312ce0a6a9e17e7c2d76ae144915f /src/backend/utils/init/postinit.c
parent	fe6b242709afe807664ac0dc5daf2d37d29c8e6d (diff)