Refactor permissions checks for large objects.
Up to now, ACL checks for large objects happened at the level of
the SQL-callable functions, which led to CVE-2017-7548 because of a
missing check. Push them down to be enforced in inv_api.c as much
as possible, in hopes of preventing future bugs. This does have the
effect of moving read and write permission errors to happen at lo_open
time not loread or lowrite time, but that seems acceptable.
Michael Paquier and Tom Lane
Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/ae20b23a9e7029f31ee902da08a464d968319f56
Modified Files
--------------
src/backend/catalog/objectaddress.c | 2 +-
src/backend/libpq/be-fsstubs.c | 88 +++++------------------
src/backend/storage/large_object/inv_api.c | 108 +++++++++++++++++++++++------
src/backend/utils/misc/guc.c | 12 ++--
src/include/libpq/be-fsstubs.h | 5 --
src/include/storage/large_object.h | 13 ++--
6 files changed, 117 insertions(+), 111 deletions(-)
--
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-committers
