summaryrefslogtreecommitdiff
path: root/src/include/miscadmin.h
diff options
context:
space:
mode:
authorTom Lane2008-01-03 21:25:00 +0000
committerTom Lane2008-01-03 21:25:00 +0000
commit108b19d8609af994f8fa69cd0d8e15a2807a1367 (patch)
tree7ef607be39ab8f10d4f57577bcb1dbe611783fb1 /src/include/miscadmin.h
parent69abe8294be828bf3f156b4265e5ae734456b915 (diff)
Make standard maintenance operations (including VACUUM, ANALYZE, REINDEX,
and CLUSTER) execute as the table owner rather than the calling user, using the same privilege-switching mechanism already used for SECURITY DEFINER functions. The purpose of this change is to ensure that user-defined functions used in index definitions cannot acquire the privileges of a superuser account that is performing routine maintenance. While a function used in an index is supposed to be IMMUTABLE and thus not able to do anything very interesting, there are several easy ways around that restriction; and even if we could plug them all, there would remain a risk of reading sensitive information and broadcasting it through a covert channel such as CPU usage. To prevent bypassing this security measure, execution of SET SESSION AUTHORIZATION and SET ROLE is now forbidden within a SECURITY DEFINER context. Thanks to Itagaki Takahiro for reporting this vulnerability. Security: CVE-2007-6600
Diffstat (limited to 'src/include/miscadmin.h')
-rw-r--r--src/include/miscadmin.h7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index e5333977c09..bdf8aaa0b11 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -13,7 +13,7 @@
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.174 2004/12/31 22:03:19 pgsql Exp $
+ * $PostgreSQL: pgsql/src/include/miscadmin.h,v 1.174.4.1 2008/01/03 21:25:00 tgl Exp $
*
* NOTES
* some of the information in this file should be moved to other files.
@@ -233,9 +233,10 @@ extern void SetDatabasePath(const char *path);
extern char *GetUserNameFromId(AclId userid);
extern AclId GetUserId(void);
-extern void SetUserId(AclId userid);
extern AclId GetSessionUserId(void);
-extern void SetSessionUserId(AclId userid);
+extern void GetUserIdAndContext(AclId *userid, bool *sec_def_context);
+extern void SetUserIdAndContext(AclId userid, bool sec_def_context);
+extern bool InSecurityDefinerContext(void);
extern void InitializeSessionUserId(const char *username);
extern void InitializeSessionUserIdStandalone(void);
extern void SetSessionAuthorization(AclId userid, bool is_superuser);