From b403f4107ba74bcf29499ba3e77e0eae70e62679 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 1 Apr 2013 13:09:35 -0400 Subject: Make REPLICATION privilege checks test current user not authenticated user. The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901 --- src/backend/utils/init/postinit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/backend/utils/init/postinit.c') diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index dfe338c2bfe..efb48d92ec2 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -669,7 +669,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, Assert(!bootstrap); /* must have authenticated as a replication role */ - if (!is_authenticated_user_replication_role()) + if (!has_rolreplication(GetUserId())) ereport(FATAL, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be replication role to start walsender"))); -- cgit v1.2.3