diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2011-11-23 12:45:49 -0500 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2011-11-23 12:45:49 -0500 |
| commit | a912a2784be5d144aab89e447dfe8ca74b6ad079 (patch) | |
| tree | 12c4414427bcd644a9a4a3e5acf2b782afb171b6 | |
| parent | 74c1723fc8dca2d70576ef2f0a66f4a7c99c173a (diff) | |
| download | postgresql-a912a2784be5d144aab89e447dfe8ca74b6ad079.tar.gz postgresql-a912a2784be5d144aab89e447dfe8ca74b6ad079.zip | |
Creator of a range type must have permission to call support functions.
Since range types can be created by non-superusers, we need to consider
their permissions. Ideally we'd check this when the type is used, not
when it's created, but that seems like much more trouble than it's worth.
The existing restriction that the support functions be immutable already
prevents most cases where an unauthorized call to a function might be
thought a security issue, and the fact that the user has no access to
the results of the system's calls to subtype_diff closes off the other
plausible reason for concern. So this check is basically pro-forma,
but let's make it anyway.
| -rw-r--r-- | src/backend/commands/typecmds.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/backend/commands/typecmds.c b/src/backend/commands/typecmds.c index ee75600a12c..84ba1a63663 100644 --- a/src/backend/commands/typecmds.c +++ b/src/backend/commands/typecmds.c @@ -1853,6 +1853,7 @@ findRangeCanonicalFunction(List *procname, Oid typeOid) { Oid argList[1]; Oid procOid; + AclResult aclresult; /* * Range canonical functions must take and return the range type, and must @@ -1880,6 +1881,11 @@ findRangeCanonicalFunction(List *procname, Oid typeOid) errmsg("range canonical function %s must be immutable", func_signature_string(procname, 1, NIL, argList)))); + /* Also, range type's creator must have permission to call function */ + aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid)); + return procOid; } @@ -1888,6 +1894,7 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype) { Oid argList[2]; Oid procOid; + AclResult aclresult; /* * Range subtype diff functions must take two arguments of the subtype, @@ -1916,6 +1923,11 @@ findRangeSubtypeDiffFunction(List *procname, Oid subtype) errmsg("range subtype diff function %s must be immutable", func_signature_string(procname, 2, NIL, argList)))); + /* Also, range type's creator must have permission to call function */ + aclresult = pg_proc_aclcheck(procOid, GetUserId(), ACL_EXECUTE); + if (aclresult != ACLCHECK_OK) + aclcheck_error(aclresult, ACL_KIND_PROC, get_func_name(procOid)); + return procOid; } |