From b403f4107ba74bcf29499ba3e77e0eae70e62679 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 1 Apr 2013 13:09:35 -0400 Subject: Make REPLICATION privilege checks test current user not authenticated user. The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901 --- src/backend/utils/init/miscinit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/backend/utils/init/miscinit.c') diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index f6cd0c06759..25cbf60e657 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -389,15 +389,15 @@ SetUserIdAndContext(Oid userid, bool sec_def_context) /* - * Check if the authenticated user is a replication role + * Check whether specified role has explicit REPLICATION privilege */ bool -is_authenticated_user_replication_role(void) +has_rolreplication(Oid roleid) { bool result = false; HeapTuple utup; - utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId)); + utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); if (HeapTupleIsValid(utup)) { result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication; -- cgit v1.2.3