From: Magnus Hagander <magnus@hagander.net>
Date: Tue, 23 Sep 2008 21:12:03 +0000 (+0000)
Subject: Only show source file and line numbers to superusers, for consistent
X-Git-Tag: REL8_4_BETA1~961
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cdf5357ec9ac3f3ef6d300ddf1651e572033c506;p=postgresql

Only show source file and line numbers to superusers, for consistent
security level with other parts of the system.

Per gripe from Tom
---

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index a33cc0e41c..f0f49538e7 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
  * Written by Peter Eisentraut <peter_e@gmx.net>.
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.472 2008/09/10 19:16:22 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.473 2008/09/23 21:12:03 mha Exp $
  *
  *--------------------------------------------------------------------
  */
@@ -6176,8 +6176,12 @@ GetConfigOptionByNum(int varnum, const char **values, bool *noshow)
 			break;
 	}
 
-	/* If the setting came from a config file, set the source location */
-	if (conf->source == PGC_S_FILE)
+	/* 
+	 * If the setting came from a config file, set the source location.
+	 * For security reasons, we don't show source file/line number for
+	 * non-superusers.
+	 */
+	if (conf->source == PGC_S_FILE && superuser())
 	{
 		values[12] = conf->sourcefile;
 		snprintf(buffer, sizeof(buffer), "%d", conf->sourceline);