git.postgresql.org Git - postgresql.git/commit
Thu, 9 Nov 2017 17:56:07 +0000 (12:56 -0500)
commit ae20b23a9e7029f31ee902da08a464d968319f56
Refactor permissions checks for large objects.

Up to now, ACL checks for large objects happened at the level of
the SQL-callable functions, which led to CVE-2017-7548 because of a
missing check. Push them down to be enforced in inv_api.c as much
as possible, in hopes of preventing future bugs. This does have the
effect of moving read and write permission errors to happen at lo_open
time not loread or lowrite time, but that seems acceptable.

Michael Paquier and Tom Lane

Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com
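
The design described in the commit message, sketched as an added example: this is a toy model, not PostgreSQL source and not part of this commit, and every name in it (`store_open`, `store_io`, `sql_read`, `sql_put`) is hypothetical. The ACL is consulted in one place in the storage layer, so entry points carry no check they could omit, and a permission error surfaces at open time.

```c
#include <stdio.h>
#include <string.h>

/* Toy model with hypothetical names; not PostgreSQL source code. */
enum { ACL_SELECT = 1, ACL_UPDATE = 2 };   /* rights granted to the caller */
enum { MODE_READ = 1, MODE_WRITE = 2 };    /* access requested at open     */
enum { ERR_PERM = -1 };

struct lobj { int acl; char data[32]; };
struct desc { struct lobj *obj; int mode; };

/* Storage layer: the only place that consults the ACL. */
static int store_open(struct lobj *o, int mode, struct desc *d)
{
    if ((mode & MODE_READ) && !(o->acl & ACL_SELECT)) return ERR_PERM;
    if ((mode & MODE_WRITE) && !(o->acl & ACL_UPDATE)) return ERR_PERM;
    d->obj = o;
    d->mode = mode;
    return 0;
}

/* Storage-layer I/O relies on the mode that store_open() approved. */
static int store_io(struct desc *d, int need, char *buf, size_t len)
{
    if (!(d->mode & need)) return ERR_PERM;
    if (len > sizeof d->obj->data) len = sizeof d->obj->data;
    if (need == MODE_WRITE) memcpy(d->obj->data, buf, len);
    else memcpy(buf, d->obj->data, len);
    return (int) len;
}

/* Entry points carry no ACL code, so a newly added one cannot omit it. */
static int entry_call(struct lobj *o, int mode, char *buf, size_t len)
{
    struct desc d;
    int rc = store_open(o, mode, &d);      /* permission error surfaces here */
    return rc < 0 ? rc : store_io(&d, mode, buf, len);
}
int sql_read(struct lobj *o, char *buf, size_t len) { return entry_call(o, MODE_READ, buf, len); }
int sql_put(struct lobj *o, char *buf, size_t len)  { return entry_call(o, MODE_WRITE, buf, len); }

int main(void)
{
    struct lobj ro = { ACL_SELECT, "constructed sample" };   /* read-only for caller */
    char in[] = "overwrite";
    printf("sql_put on read-only object: %d\n", sql_put(&ro, in, sizeof in));
    printf("contents unchanged: %s\n", ro.data);
    return 0;
}
```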
This is the main PostgreSQL git repository.