aboutsummaryrefslogtreecommitdiff
path: root/contrib/adminpack/sql/adminpack.sql
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/adminpack/sql/adminpack.sql')
-rw-r--r--contrib/adminpack/sql/adminpack.sql14
1 files changed, 12 insertions, 2 deletions
diff --git a/contrib/adminpack/sql/adminpack.sql b/contrib/adminpack/sql/adminpack.sql
index 13621bd043d..1525f0a82bd 100644
--- a/contrib/adminpack/sql/adminpack.sql
+++ b/contrib/adminpack/sql/adminpack.sql
@@ -12,12 +12,22 @@ SELECT pg_read_file('test_file1');
SELECT pg_file_write('test_file1', 'test1', false);
SELECT pg_read_file('test_file1');
--- disallowed file paths
+-- disallowed file paths for non-superusers and users who are
+-- not members of pg_write_server_files
+CREATE ROLE regress_user1;
+
+GRANT pg_read_all_settings TO regress_user1;
+GRANT EXECUTE ON FUNCTION pg_file_write(text,text,bool) TO regress_user1;
+
+SET ROLE regress_user1;
SELECT pg_file_write('../test_file0', 'test0', false);
SELECT pg_file_write('/tmp/test_file0', 'test0', false);
SELECT pg_file_write(current_setting('data_directory') || '/test_file4', 'test4', false);
SELECT pg_file_write(current_setting('data_directory') || '/../test_file4', 'test4', false);
-
+RESET ROLE;
+REVOKE EXECUTE ON FUNCTION pg_file_write(text,text,bool) FROM regress_user1;
+REVOKE pg_read_all_settings FROM regress_user1;
+DROP ROLE regress_user1;
-- rename file
SELECT pg_file_rename('test_file1', 'test_file2');
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-03 17:14:38 +0000