mirror of
https://git.postgresql.org/git/postgresql.git
synced 2024-12-21 08:29:39 +08:00
Restrict pgstattuple functions to superusers. While the only one that's
really a glaring security hole is bt_page_items, there's not a very good use-case for letting ordinary users use 'em, either.
This commit is contained in:
parent
10f4362255
commit
acb6631041
@ -32,6 +32,7 @@
|
||||
#include "access/transam.h"
|
||||
#include "catalog/namespace.h"
|
||||
#include "catalog/pg_type.h"
|
||||
#include "miscadmin.h"
|
||||
#include "utils/builtins.h"
|
||||
#include "utils/inval.h"
|
||||
|
||||
@ -235,6 +236,11 @@ pgstatindex(PG_FUNCTION_ARGS)
|
||||
uint32 blkno;
|
||||
BTIndexStat indexStat;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = relation_openrv(relrv, AccessShareLock);
|
||||
|
||||
@ -391,6 +397,11 @@ bt_page_stats(PG_FUNCTION_ARGS)
|
||||
RangeVar *relrv;
|
||||
Datum result;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = relation_openrv(relrv, AccessShareLock);
|
||||
|
||||
@ -497,6 +508,11 @@ bt_page_items(PG_FUNCTION_ARGS)
|
||||
MemoryContext mctx;
|
||||
struct user_args *uargs = NULL;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
if (blkno == 0)
|
||||
elog(ERROR, "Block 0 is a meta page.");
|
||||
|
||||
@ -624,6 +640,11 @@ bt_metap(PG_FUNCTION_ARGS)
|
||||
RangeVar *relrv;
|
||||
Datum result;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = relation_openrv(relrv, AccessShareLock);
|
||||
|
||||
@ -691,6 +712,11 @@ pg_relpages(PG_FUNCTION_ARGS)
|
||||
RangeVar *relrv;
|
||||
int4 relpages;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = relation_openrv(relrv, AccessShareLock);
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25 2006/10/04 00:29:46 momjian Exp $
|
||||
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25.2.1 2007/08/28 23:11:12 tgl Exp $
|
||||
*
|
||||
* Copyright (c) 2001,2002 Tatsuo Ishii
|
||||
*
|
||||
@ -32,6 +32,7 @@
|
||||
#include "access/nbtree.h"
|
||||
#include "access/transam.h"
|
||||
#include "catalog/namespace.h"
|
||||
#include "miscadmin.h"
|
||||
#include "utils/builtins.h"
|
||||
|
||||
|
||||
@ -163,6 +164,11 @@ pgstattuple(PG_FUNCTION_ARGS)
|
||||
RangeVar *relrv;
|
||||
Relation rel;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
/* open relation */
|
||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||
rel = relation_openrv(relrv, AccessShareLock);
|
||||
@ -176,6 +182,11 @@ pgstattuplebyid(PG_FUNCTION_ARGS)
|
||||
Oid relid = PG_GETARG_OID(0);
|
||||
Relation rel;
|
||||
|
||||
if (!superuser())
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||
|
||||
/* open relation */
|
||||
rel = relation_open(relid, AccessShareLock);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user