Restrict pgstattuple functions to superusers. While the only one that's

really a glaring security hole is bt_page_items, there's not a very good
use-case for letting ordinary users use 'em, either.

diff --git a/contrib/pgstattuple/pgstatindex.c b/contrib/pgstattuple/pgstatindex.c
index f1385ef0c8adc89630613baf2ee746b3d9a832d7..fe2062f9bd093edc04b3ed38d7a0212763f1569a 100644 (file)
--- a/contrib/pgstattuple/pgstatindex.c
+++ b/contrib/pgstattuple/pgstatindex.c
@@ -32,6 +32,7 @@
 #include "access/transam.h"
 #include "catalog/namespace.h"
 #include "catalog/pg_type.h"
+#include "miscadmin.h"
 #include "utils/builtins.h"
 #include "utils/inval.h"
 
@@ -235,6 +236,11 @@ pgstatindex(PG_FUNCTION_ARGS)
        uint32          blkno;
        BTIndexStat indexStat;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = relation_openrv(relrv, AccessShareLock);
 
@@ -391,6 +397,11 @@ bt_page_stats(PG_FUNCTION_ARGS)
        RangeVar   *relrv;
        Datum           result;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = relation_openrv(relrv, AccessShareLock);
 
@@ -497,6 +508,11 @@ bt_page_items(PG_FUNCTION_ARGS)
        MemoryContext mctx;
        struct user_args *uargs = NULL;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        if (blkno == 0)
                elog(ERROR, "Block 0 is a meta page.");
 
@@ -624,6 +640,11 @@ bt_metap(PG_FUNCTION_ARGS)
        RangeVar   *relrv;
        Datum           result;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = relation_openrv(relrv, AccessShareLock);
 
@@ -691,6 +712,11 @@ pg_relpages(PG_FUNCTION_ARGS)
        RangeVar   *relrv;
        int4            relpages;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = relation_openrv(relrv, AccessShareLock);
 

diff --git a/contrib/pgstattuple/pgstattuple.c b/contrib/pgstattuple/pgstattuple.c
index 5bac70949d098a48d0cd5cb1e5a37b0bf39ff5c1..2bc2067bbc7d3bc5985021d81f370fd41b622592 100644 (file)
--- a/contrib/pgstattuple/pgstattuple.c
+++ b/contrib/pgstattuple/pgstattuple.c
@@ -1,5 +1,5 @@
 /*
- * $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25 2006/10/04 00:29:46 momjian Exp $
+ * $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25.2.1 2007/08/28 23:11:12 tgl Exp $
  *
  * Copyright (c) 2001,2002     Tatsuo Ishii
  *
@@ -32,6 +32,7 @@
 #include "access/nbtree.h"
 #include "access/transam.h"
 #include "catalog/namespace.h"
+#include "miscadmin.h"
 #include "utils/builtins.h"
 
 
@@ -163,6 +164,11 @@ pgstattuple(PG_FUNCTION_ARGS)
        RangeVar   *relrv;
        Relation        rel;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        /* open relation */
        relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
        rel = relation_openrv(relrv, AccessShareLock);
@@ -176,6 +182,11 @@ pgstattuplebyid(PG_FUNCTION_ARGS)
        Oid                     relid = PG_GETARG_OID(0);
        Relation        rel;
 
+       if (!superuser())
+               ereport(ERROR,
+                               (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+                                (errmsg("must be superuser to use pgstattuple functions"))));
+
        /* open relation */
        rel = relation_open(relid, AccessShareLock);