granicus.if.org Git - postgresql/commit
Refactor permissions checks for large objects.
author: Tom Lane <tgl@sss.pgh.pa.us>
Thu, 9 Nov 2017 17:56:07 +0000 (12:56 -0500)
committer: Tom Lane <tgl@sss.pgh.pa.us>
Thu, 9 Nov 2017 17:56:07 +0000 (12:56 -0500)
commit: ae20b23a9e7029f31ee902da08a464d968319f56
tree: 7e4d38dbef7026c7521d0157b9e8ec616d7488b8
parent: 5ecc0d738e5864848bbc2d1d97e56d5846624ba2

Up to now, ACL checks for large objects happened at the level of
the SQL-callable functions, which led to CVE-2017-7548 because of a
missing check.  Push them down to be enforced in inv_api.c as much
as possible, in hopes of preventing future bugs.  This does have the
effect of moving read and write permission errors to happen at lo_open
time not loread or lowrite time, but that seems acceptable.

Michael Paquier and Tom Lane

Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com

src/backend/catalog/objectaddress.c
src/backend/libpq/be-fsstubs.c
src/backend/storage/large_object/inv_api.c
src/backend/utils/misc/guc.c
src/include/libpq/be-fsstubs.h
src/include/storage/large_object.h
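
The two designs the commit message contrasts, as an added example that is not part of this commit or of the PostgreSQL source: a toy C model in which per-entry-point ACL checks let one entry point skip the check, while a check pushed into the storage layer's open call covers every caller and reports the error at open time. All names here (`Obj`, `Desc`, `entry_put_a`, `store_open`, the `PRIV_*`/`MODE_*`/`ERR_*` values) are hypothetical.

```c
/* Toy model, constructed for illustration; not PostgreSQL source. */
#include <stddef.h>
#include <string.h>

enum { PRIV_SELECT = 1, PRIV_UPDATE = 2 };  /* caller's privileges (hypothetical) */
enum { MODE_READ = 1, MODE_WRITE = 2 };     /* requested open mode (hypothetical) */
enum { ERR_RANGE = -1, ERR_PERM = -2 };
typedef struct { int caller_privs; char data[16]; } Obj;
typedef struct { Obj *obj; int mode; } Desc;

/* Unchecked storage primitive shared by both designs. */
static int raw_write(Obj *o, size_t off, const char *buf, size_t len)
{
    if (off > sizeof o->data || len > sizeof o->data - off) return ERR_RANGE;
    memcpy(o->data + off, buf, len);
    return (int) len;
}

/* Design A: every entry point must carry its own ACL check. */
int entry_write_a(Obj *o, size_t off, const char *buf, size_t len)
{
    if (!(o->caller_privs & PRIV_UPDATE)) return ERR_PERM;
    return raw_write(o, off, buf, len);
}

/* Design A, entry point added later: the check was forgotten. */
int entry_put_a(Obj *o, size_t off, const char *buf, size_t len)
{ return raw_write(o, off, buf, len); }

/* Design B: the storage layer checks once, when the descriptor is opened. */
int store_open(Obj *o, int mode, Desc *d)
{
    if ((mode & MODE_READ) && !(o->caller_privs & PRIV_SELECT)) return ERR_PERM;
    if ((mode & MODE_WRITE) && !(o->caller_privs & PRIV_UPDATE)) return ERR_PERM;
    d->obj = o; d->mode = mode;
    return 0;
}

/* A descriptor opened read-only cannot be used to write. */
int store_write(Desc *d, size_t off, const char *buf, size_t len)
{ return (d->mode & MODE_WRITE) ? raw_write(d->obj, off, buf, len) : ERR_PERM; }

/* Design B entry point: no check of its own, so none to forget. */
int entry_put_b(Obj *o, size_t off, const char *buf, size_t len)
{
    Desc d;
    int rc = store_open(o, MODE_WRITE, &d);
    return rc < 0 ? rc : store_write(&d, off, buf, len);
}
```

With a caller holding only `PRIV_SELECT`, `entry_put_a` modifies the object while `entry_put_b` fails inside `store_open` before any data is touched.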