Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:29 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:29 -0400
commit: e5fdb8feadd4385671bab0e2c4c57008f3ba8dda (patch)
tree: 26450e1fe5b312ce0a6a9e17e7c2d76ae144915f /src/include/miscadmin.h
parent: fe6b242709afe807664ac0dc5daf2d37d29c8e6d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index 8df2a28126a..5b92767682d 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -436,7 +436,7 @@ extern void ValidatePgVersion(const char *path);
 extern void process_shared_preload_libraries(void);
 extern void process_local_preload_libraries(void);
 extern void pg_bindtextdomain(const char *domain);
-extern bool is_authenticated_user_replication_role(void);
+extern bool has_rolreplication(Oid roleid);
 
 /* in access/transam/xlog.c */
 extern bool BackupInProgress(void);
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:29 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:29 -0400
commit	e5fdb8feadd4385671bab0e2c4c57008f3ba8dda (patch)
tree	26450e1fe5b312ce0a6a9e17e7c2d76ae144915f /src/include/miscadmin.h
parent	fe6b242709afe807664ac0dc5daf2d37d29c8e6d (diff)