From ce9ab88981495d975aade8fc664f99f68fc18e2b Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 1 Apr 2013 13:09:24 -0400 Subject: Make REPLICATION privilege checks test current user not authenticated user. The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901 --- src/backend/utils/init/miscinit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src/backend/utils/init/miscinit.c') diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 24ca97d55c7..493e91ca610 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -390,15 +390,15 @@ SetUserIdAndContext(Oid userid, bool sec_def_context) /* - * Check if the authenticated user is a replication role + * Check whether specified role has explicit REPLICATION privilege */ bool -is_authenticated_user_replication_role(void) +has_rolreplication(Oid roleid) { bool result = false; HeapTuple utup; - utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(AuthenticatedUserId)); + utup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid)); if (HeapTupleIsValid(utup)) { result = ((Form_pg_authid) GETSTRUCT(utup))->rolreplication; -- cgit v1.2.3