Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:35 -0400
commit: b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree: 536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/include/miscadmin.h
parent: 54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index 29363ead1a0..82af9ab89fa 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -395,7 +395,7 @@ extern void ValidatePgVersion(const char *path);
 extern void process_shared_preload_libraries(void);
 extern void process_local_preload_libraries(void);
 extern void pg_bindtextdomain(const char *domain);
-extern bool is_authenticated_user_replication_role(void);
+extern bool has_rolreplication(Oid roleid);
 
 /* in access/transam/xlog.c */
 extern bool BackupInProgress(void);
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:35 -0400
commit	b403f4107ba74bcf29499ba3e77e0eae70e62679 (patch)
tree	536f6e02b5e580c4907beef9f4823ef27b9b0acf /src/include/miscadmin.h
parent	54d4a8f023783dd05d5f09136724997a73e33aa9 (diff)