Refactor permissions checks for large objects.

Tom Lane <tgl@sss.pgh.pa.us>

Commit: ae20b23a9e7029f31ee902da08a464d968319f56
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2017-11-09T17:56:07Z
Releases: 11.0
Refactor permissions checks for large objects.

Up to now, ACL checks for large objects happened at the level of
the SQL-callable functions, which led to CVE-2017-7548 because of a
missing check.  Push them down to be enforced in inv_api.c as much
as possible, in hopes of preventing future bugs.  This does have the
effect of moving read and write permission errors to happen at lo_open
time not loread or lowrite time, but that seems acceptable.

Michael Paquier and Tom Lane

Discussion: https://postgr.es/m/CAB7nPqRHmNOYbETnc_2EjsuzSM00Z+BWKv9sy6tnvSd5gWT_JA@mail.gmail.com

Files

Discussion