Make REPLICATION privilege checks test current user not authenticated user.

The pg_start_backup() and pg_stop_backup() functions checked the privileges of the initially-authenticated user rather than the current user, which is wrong. For example, a user-defined index function could successfully call these functions when executed by ANALYZE within autovacuum. This could allow an attacker with valid but low-privilege database access to interfere with creation of routine backups. Reported and fixed by Noah Misch. Security: CVE-2013-1901
author: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:24 -0400
committer: Tom Lane <tgl@sss.pgh.pa.us> 2013-04-01 13:09:24 -0400
commit: ce9ab88981495d975aade8fc664f99f68fc18e2b (patch)
tree: 9d484b80504beb9d97036a17767c0a21e4dadaa0 /src/include/miscadmin.h
parent: 85079078acb4f120335f54f38f93635dd8c8b83d (diff)
download: postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.tar.gz
postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/include/miscadmin.h b/src/include/miscadmin.h
index 99858a765f1..b69ffe59cd1 100644
--- a/src/include/miscadmin.h
+++ b/src/include/miscadmin.h
@@ -439,7 +439,7 @@ extern void ValidatePgVersion(const char *path);
 extern void process_shared_preload_libraries(void);
 extern void process_local_preload_libraries(void);
 extern void pg_bindtextdomain(const char *domain);
-extern bool is_authenticated_user_replication_role(void);
+extern bool has_rolreplication(Oid roleid);
 
 /* in access/transam/xlog.c */
 extern bool BackupInProgress(void);
author	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:24 -0400
committer	Tom Lane <tgl@sss.pgh.pa.us>	2013-04-01 13:09:24 -0400
commit	ce9ab88981495d975aade8fc664f99f68fc18e2b (patch)
tree	9d484b80504beb9d97036a17767c0a21e4dadaa0 /src/include/miscadmin.h
parent	85079078acb4f120335f54f38f93635dd8c8b83d (diff)
download	postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.tar.gz postgresql-ce9ab88981495d975aade8fc664f99f68fc18e2b.zip