From 87c00782c691f2c6c13768cd6d96b19de69cab16 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=ADn=20Marqu=C3=A9s?= Date: Tue, 2 Jun 2020 10:44:42 -0300 Subject: [PATCH v3 1/4] Access to pg_replication_origin_status view has restricted access only for superusers due to it using pg_show_replication_origin_status(), and all replication origin functions requiring superuser rights. This patch removes the check for superuser priviledges when executing replication origin functions, which is hardcoded, and instead rely on ACL checks. This patch will also revoke execution of such functions from PUBLIC --- src/backend/catalog/system_views.sql | 16 ++++++++++++++++ src/backend/replication/logical/origin.c | 5 ----- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql index 56420bbc9d6..6658f0c2eb2 100644 --- a/src/backend/catalog/system_views.sql +++ b/src/backend/catalog/system_views.sql @@ -1469,6 +1469,22 @@ REVOKE EXECUTE ON FUNCTION pg_stat_file(text,boolean) FROM public; REVOKE EXECUTE ON FUNCTION pg_ls_dir(text) FROM public; REVOKE EXECUTE ON FUNCTION pg_ls_dir(text,boolean,boolean) FROM public; +-- +-- Permision to execute Replication Origin functions should be revoked from public +-- +REVOKE EXECUTE ON FUNCTION pg_replication_origin_advance(text, pg_lsn) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_create(text) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_drop(text) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_oid(text) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_progress(text, boolean) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_session_is_setup() FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_session_progress(boolean) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_session_reset() FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_session_setup(text) FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_xact_reset() FROM public; +REVOKE EXECUTE ON FUNCTION pg_replication_origin_xact_setup(pg_lsn, timestamp with time zone) FROM public; +REVOKE EXECUTE ON FUNCTION pg_show_replication_origin_status() FROM public; + -- -- We also set up some things as accessible to standard roles. -- diff --git a/src/backend/replication/logical/origin.c b/src/backend/replication/logical/origin.c index 981d60f135d..1f223daf21f 100644 --- a/src/backend/replication/logical/origin.c +++ b/src/backend/replication/logical/origin.c @@ -182,11 +182,6 @@ static ReplicationState *session_replication_state = NULL; static void replorigin_check_prerequisites(bool check_slots, bool recoveryOK) { - if (!superuser()) - ereport(ERROR, - (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), - errmsg("only superusers can query or manipulate replication origins"))); - if (check_slots && max_replication_slots == 0) ereport(ERROR, (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE), -- 2.21.3