Refactor permissions checks for large objects. Up to now, ACL checks for large objects happened at the level of the SQL-callable functions, which led to CVE-2017-7548 because of a missing check. Push them down to be enforced in inv_api.c as much as possible, in hopes of preventing future bugs. This does have the effect of moving read and write permission errors to happen at lo_open time not loread or lowrite time, but that seems acceptable.
Michael Paquier and Tom Lane

Discussion: https://postgr.es/m/cab7npqrhmnoybetnc_2ejsuzsm00z+bwkv9sy6tnvsd5gwt...@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/ae20b23a9e7029f31ee902da08a464d968319f56

Modified Files
--------------
src/backend/catalog/objectaddress.c        |   2 +-
src/backend/libpq/be-fsstubs.c             |  88 +++++------------------
src/backend/storage/large_object/inv_api.c | 108 +++++++++++++++++++++++------
src/backend/utils/misc/guc.c               |  12 ++--
src/include/libpq/be-fsstubs.h             |   5 --
src/include/storage/large_object.h         |  13 ++--
6 files changed, 117 insertions(+), 111 deletions(-)

-- 
Sent via pgsql-committers mailing list (pgsql-committers@postgresql.org)
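As an added illustration of the behaviour the commit message describes (this script is not part of the commit or of the PostgreSQL sources), the following psql session checks that a role holding only SELECT on a large object can open it for reading but is refused when it asks lo_open for write access, which is where the UPDATE-privilege check now lives instead of at lowrite time. It assumes a superuser psql session with lo_compat_privileges at its default of off; the role name lo_reader and the object contents are constructed for the example, and the flag values come from INV_READ (0x40000) and INV_WRITE (0x20000) in large_object.h.

```sql
-- Added example, not from the commit: verify large-object ACL enforcement
-- at lo_open() time. Run as a superuser in psql; lo_reader is a constructed
-- role name used only for this check.
CREATE ROLE lo_reader;

-- Create a large object owned by the superuser with constructed contents.
SELECT lo_from_bytea(0, '\x48656c6c6f'::bytea) AS loid \gset

-- Grant read access only; lo_reader receives no UPDATE privilege.
GRANT SELECT ON LARGE OBJECT :loid TO lo_reader;

SET ROLE lo_reader;
BEGIN;
-- INV_READ (0x40000): the SELECT-privilege check in inv_open passes,
-- so the descriptor is handed back and loread works on it.
SELECT lo_open(:loid, x'40000'::int) AS rfd \gset
SELECT loread(:rfd, 5);
-- INV_WRITE (0x20000): the UPDATE-privilege check fires here, at lo_open,
-- so lo_reader is refused before any lowrite call is attempted.
SELECT lo_open(:loid, x'20000'::int);
ROLLBACK;
RESET ROLE;

-- Clean up the constructed object and role.
SELECT lo_unlink(:loid);
DROP ROLE lo_reader;
```

The ROLLBACK is needed because the refused lo_open aborts the enclosing transaction; wrapping the two opens in one transaction keeps the read descriptor valid for the loread call while still letting the script continue after the expected refusal. To exercise the pre-commit behaviour for comparison, set lo_compat_privileges = on and rerun: the write open then succeeds and the check does not apply at this point.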