pg-func-superuser-checks.patch
text/plain
Filename: pg-func-superuser-checks.patch
Type: text/plain
Part: 0
Patch
Format: unified
| File | + | − |
|---|---|---|
| src/backend/catalog/system_views.sql | 13 | 0 |
| src/backend/utils/adt/genfile.c | 0 | 30 |
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index c479c23..f6c2c53 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -773,3 +773,16 @@ CREATE FUNCTION ts_debug(IN document text,
CREATE OR REPLACE FUNCTION
pg_start_backup(label text, fast boolean DEFAULT false)
RETURNS text STRICT VOLATILE LANGUAGE internal AS 'pg_start_backup';
+
+
+/*
+Revoke privileges for functions that should be accessible by
+superusers only by default. We can't set the privileges in pg_proc.h,
+because bootstrap mode doesn't handle aclitem arrays.
+*/
+REVOKE EXECUTE ON FUNCTION pg_read_file(text, bigint, bigint) FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_read_file(text) FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_read_binary_file(text, bigint, bigint) FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_read_binary_file(text) FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_stat_file(text) FROM PUBLIC;
+REVOKE EXECUTE ON FUNCTION pg_ls_dir(text) FROM PUBLIC;
diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c
index f53c7d4..c545dd8 100644
--- a/src/backend/utils/adt/genfile.c
+++ b/src/backend/utils/adt/genfile.c
@@ -174,11 +174,6 @@
int64 bytes_to_read = PG_GETARG_INT64(2);
char *filename;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to read files"))));
-
filename = convert_and_check_filename(filename_t);
if (bytes_to_read < 0)
@@ -198,11 +193,6 @@
text *filename_t = PG_GETARG_TEXT_P(0);
char *filename;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to read files"))));
-
filename = convert_and_check_filename(filename_t);
PG_RETURN_TEXT_P(read_text_file(filename, 0, -1));
@@ -219,11 +209,6 @@
int64 bytes_to_read = PG_GETARG_INT64(2);
char *filename;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to read files"))));
-
filename = convert_and_check_filename(filename_t);
if (bytes_to_read < 0)
@@ -243,11 +228,6 @@
text *filename_t = PG_GETARG_TEXT_P(0);
char *filename;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to read files"))));
-
filename = convert_and_check_filename(filename_t);
PG_RETURN_BYTEA_P(read_binary_file(filename, 0, -1));
@@ -267,11 +247,6 @@
HeapTuple tuple;
TupleDesc tupdesc;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to get file information"))));
-
filename = convert_and_check_filename(filename_t);
if (stat(filename, &fst) < 0)
@@ -331,11 +306,6 @@
struct dirent *de;
directory_fctx *fctx;
- if (!superuser())
- ereport(ERROR,
- (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
- (errmsg("must be superuser to get directory listings"))));
-
if (SRF_IS_FIRSTCALL())
{
MemoryContext oldcontext;