From e5fdb8feadd4385671bab0e2c4c57008f3ba8dda Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 1 Apr 2013 13:09:29 -0400 Subject: Make REPLICATION privilege checks test current user not authenticated user. The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901 --- src/backend/utils/init/postinit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/backend/utils/init/postinit.c') diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index ba0eba55689..3dc5331772e 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -668,7 +668,7 @@ InitPostgres(const char *in_dbname, Oid dboid, const char *username, { Assert(!bootstrap); - if (!superuser() && !is_authenticated_user_replication_role()) + if (!superuser() && !has_rolreplication(GetUserId())) ereport(FATAL, (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), errmsg("must be superuser or replication role to start walsender"))); -- cgit v1.2.3