pgsql: Refactor permissions checks for large objects.

Started by Tom Laneover 8 years ago1 messagescomitters

tgl@sss.pgh.pa.us

over 8 years ago

Refactor permissions checks for large objects.

Up to now, ACL checks for large objects happened at the level of
the SQL-callable functions, which led to CVE-2017-7548 because of a
missing check. Push them down to be enforced in inv_api.c as much
as possible, in hopes of preventing future bugs. This does have the
effect of moving read and write permission errors to happen at lo_open
time not loread or lowrite time, but that seems acceptable.

Michael Paquier and Tom Lane

Discussion: /messages/by-id/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/ae20b23a9e7029f31ee902da08a464d968319f56

Modified Files
--------------
src/backend/catalog/objectaddress.c | 2 +-
src/backend/libpq/be-fsstubs.c | 88 +++++------------------
src/backend/storage/large_object/inv_api.c | 108 +++++++++++++++++++++++------
src/backend/utils/misc/guc.c | 12 ++--
src/include/libpq/be-fsstubs.h | 5 --
src/include/storage/large_object.h | 13 ++--
6 files changed, 117 insertions(+), 111 deletions(-)

--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers