mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-01-12 18:34:36 +08:00
Restrict pgstattuple functions to superusers. While the only one that's
really a glaring security hole is bt_page_items, there's not a very good use-case for letting ordinary users use 'em, either.
This commit is contained in:
parent
10f4362255
commit
acb6631041
@ -32,6 +32,7 @@
|
|||||||
#include "access/transam.h"
|
#include "access/transam.h"
|
||||||
#include "catalog/namespace.h"
|
#include "catalog/namespace.h"
|
||||||
#include "catalog/pg_type.h"
|
#include "catalog/pg_type.h"
|
||||||
|
#include "miscadmin.h"
|
||||||
#include "utils/builtins.h"
|
#include "utils/builtins.h"
|
||||||
#include "utils/inval.h"
|
#include "utils/inval.h"
|
||||||
|
|
||||||
@ -235,6 +236,11 @@ pgstatindex(PG_FUNCTION_ARGS)
|
|||||||
uint32 blkno;
|
uint32 blkno;
|
||||||
BTIndexStat indexStat;
|
BTIndexStat indexStat;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
|
|
||||||
@ -391,6 +397,11 @@ bt_page_stats(PG_FUNCTION_ARGS)
|
|||||||
RangeVar *relrv;
|
RangeVar *relrv;
|
||||||
Datum result;
|
Datum result;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
|
|
||||||
@ -497,6 +508,11 @@ bt_page_items(PG_FUNCTION_ARGS)
|
|||||||
MemoryContext mctx;
|
MemoryContext mctx;
|
||||||
struct user_args *uargs = NULL;
|
struct user_args *uargs = NULL;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
if (blkno == 0)
|
if (blkno == 0)
|
||||||
elog(ERROR, "Block 0 is a meta page.");
|
elog(ERROR, "Block 0 is a meta page.");
|
||||||
|
|
||||||
@ -624,6 +640,11 @@ bt_metap(PG_FUNCTION_ARGS)
|
|||||||
RangeVar *relrv;
|
RangeVar *relrv;
|
||||||
Datum result;
|
Datum result;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
|
|
||||||
@ -691,6 +712,11 @@ pg_relpages(PG_FUNCTION_ARGS)
|
|||||||
RangeVar *relrv;
|
RangeVar *relrv;
|
||||||
int4 relpages;
|
int4 relpages;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25 2006/10/04 00:29:46 momjian Exp $
|
* $PostgreSQL: pgsql/contrib/pgstattuple/pgstattuple.c,v 1.25.2.1 2007/08/28 23:11:12 tgl Exp $
|
||||||
*
|
*
|
||||||
* Copyright (c) 2001,2002 Tatsuo Ishii
|
* Copyright (c) 2001,2002 Tatsuo Ishii
|
||||||
*
|
*
|
||||||
@ -32,6 +32,7 @@
|
|||||||
#include "access/nbtree.h"
|
#include "access/nbtree.h"
|
||||||
#include "access/transam.h"
|
#include "access/transam.h"
|
||||||
#include "catalog/namespace.h"
|
#include "catalog/namespace.h"
|
||||||
|
#include "miscadmin.h"
|
||||||
#include "utils/builtins.h"
|
#include "utils/builtins.h"
|
||||||
|
|
||||||
|
|
||||||
@ -163,6 +164,11 @@ pgstattuple(PG_FUNCTION_ARGS)
|
|||||||
RangeVar *relrv;
|
RangeVar *relrv;
|
||||||
Relation rel;
|
Relation rel;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
/* open relation */
|
/* open relation */
|
||||||
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
relrv = makeRangeVarFromNameList(textToQualifiedNameList(relname));
|
||||||
rel = relation_openrv(relrv, AccessShareLock);
|
rel = relation_openrv(relrv, AccessShareLock);
|
||||||
@ -176,6 +182,11 @@ pgstattuplebyid(PG_FUNCTION_ARGS)
|
|||||||
Oid relid = PG_GETARG_OID(0);
|
Oid relid = PG_GETARG_OID(0);
|
||||||
Relation rel;
|
Relation rel;
|
||||||
|
|
||||||
|
if (!superuser())
|
||||||
|
ereport(ERROR,
|
||||||
|
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
|
||||||
|
(errmsg("must be superuser to use pgstattuple functions"))));
|
||||||
|
|
||||||
/* open relation */
|
/* open relation */
|
||||||
rel = relation_open(relid, AccessShareLock);
|
rel = relation_open(relid, AccessShareLock);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user